About 2 days ago, news that the #Kyber Network ecosystem had suffered a cyberattack spread throughout the cryptocurrency ecosystem. #KyberNetwork published a statement on the incident on its official X (formerly Twitter) account. The statement reads as follows:
1/ We've overcome many challenges since our 2017 inception, but by far these last 2 days have been the most difficult. At the core of our mission is a commitment to security, making this recent event a heavy burden on our hearts. We’d like to be transparent about what happened.
2/ On Nov 22 10:54 PM UTC, attackers exploited KyberSwap Elastic smart contracts using a series of complex actions to conduct exploitative swaps, enabling the withdrawal of users’ funds into the attackers’ wallets. Around $54.7M of users’ funds were exploited by the attackers.
3/ In response, we paused deposits, launched an investigation, contacted relevant parties & initiated negotiations with the attackers in an effort to help users recover as much as possible, including offering a 10% bounty as an incentive for returning the users’ exploited funds.
4/ Our team is treating this incident & its impact on users with the utmost seriousness, dedicating relentless efforts to help users optimize the likelihood of reaching the most favorable outcome—recovering users' funds from the attackers.
5/ As pointed out by 0xdoug (a Twitter account), this hack stands out as one of the most sophisticated in the history of DeFi, with the attacker needing to execute a precise sequence of on-chain actions in order to exploit the vulnerability.
6/ We are committed to security, & previously implemented multiple security measures after the whitehat vulnerability discovery by @1_00_proof in April, in order to redeploy KyberSwap Elastic in May.
7/ Security measures we’ve taken include internal smart contract checks, & audits by 100proof (whitehat hacker), ChainSecurity, & community developers via Sherlock’s audit competition. We encouraged further checks on the smart contracts through our Bug Bounty Program with Immunefi.
8/ Despite this setback, our Aggregator API is functioning normally & efficiently for partners to access optimized swap rates. Apart from KyberSwap Elastic liquidity pools & farms, http://kyberswap.com is also working normally for trading activities & insights.
9/ We are grateful for the overwhelming support from those who have offered assistance in aiding in the investigation. Our heartfelt appreciation goes out to our users & partners who believe in our product & mission. Updates will be provided as the situation unfolds.