DeFi Platform Kyber Network Discloses $265K Exploit, Vows to Reimburse All Funds
Kyber, a multi-chain decentralized finance (DeFi) platform, discovered a vulnerability in its website code that allowed attackers to steal approximately $265,000.
Two “whale” addresses appeared to be impacted by the attack, according to Kyber, which plans to reimburse the losses. Kyber said it discovered the exploit on Sept. 1 and “neutralized” the threat within two hours. The exploit let attackers insert a “false approval, allowing a hacker to transfer a user’s funds to his address.”
The exploit hit KyberSwap, a decentralized exchange that allows users to swap between currencies on different blockchains. KyberSwap’s blockchain contracts were not affected. The problem stemmed from malicious Google Tag Manager code on the KyberSwap website, according to a statement from Kyber.
“We strongly urge all #DeFi projects to conduct a thorough check on your frontend code & associated Google Tag Manager (GTM) scripts as the attacker may have targeted multiple sites,” Kyber tweeted.
The attack on Kyber was relatively small in comparison to other recent attacks on DeFi projects, which have seen numerous multi-million-dollar thefts of users’ funds. However, it once again highlights the wide range of ways DeFi users are vulnerable to attacks.