Hackers withdrew $265 000 from Kyber Network’s liquidity protocol

What’s new? On September 1, Kyber Network’s DeFi liquidity protocol was subjected to a hacker attack that resulted in attackers withdrawing about $265 000 in cryptocurrency. According to the company’s announcement, the vulnerability originated in the frontend of the KyberSwap exchange, after which the developers suspended its operation to investigate. The project team promised to reimburse the amount of funds lost.

1/ ❗️Notice of Exploit of KyberSwap Frontend:We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️— Kyber Network (@KyberNetwork) September 1, 2022

Details of the hack. Kyber Network developers reported that they were able to detect malicious code in the Google Tag Manager (GTM), which automatically approved transactions, allowing hackers to transfer user funds to their addresses.

After disabling the user interface, the project team managed to fix the vulnerability and user funds are now safe. In this, Kyber Network noted that the embedded script was aimed at the wallets of large investors with large amounts of money in their accounts.

What is Kyber Network? It is a multi-chain DeFi protocol for trading cryptocurrencies and providing liquidity. Kyber provides connectivity between various blockchains and other liquidity protocols. The project is managed by its own decentralized community, KyberDAO, and has the native token KNC. As of September 2, 10:10 UTC, the asset is trading at $1,78, and the token gained 3,74% in the past 24 hours, according to CoinMarketCap.

In August, Brazilian crypto lending platform BlueBenx blocked all operations after hackers withdrew $32 million from the protocol. However, users questioned the veracity of this report, as details about the hack were never released. The company also reported that it was laying off most of its employees.