Around $46 million in various crypto assets has seemingly been drained from the decentralized KyberSwap exchange in the latest decentralized finance exploit.
On Nov. 23, the Kyber Network team alerted its users stating in an X (Twitter) post that KyberSwap Elastic “has experienced a security incident.”
It advised users to withdraw their funds as a precaution and added it was investigating the situation.
Urgent
— Kyber Network (@KyberNetwork) November 22, 2023
Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident.
As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…
Blockchain sleuths highlighted the impacted and exploiter wallet addresses, which were still recently active.
According to Debank data, around $46 million has been pilfered in the attack, including roughly $20 million in wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB).
The funds were split across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
Kyberswap is being drained, several sources report.
— olimpio (@OlimpioCrypto) November 22, 2023
If you have assets, withdraw pic.twitter.com/Y5ooYYzcTd
In an X post, blockchain sleuth “Spreek” said he was “fairly sure this is NOT an approval-related issue and is only related to the TVL held in the Kyber pools themselves.”
The attacker has also left an on-chain message for protocol developers and DAO members, saying “negotiations will start in a few hours when I am fully rested.”
DefiLlama data shows KyberSwap’s total value locked (TVL) tanked by 68% over a few hours and almost $78 million left the protocol due to the hack and user withdrawals. Its TVL currently stands at $27 million, down from its 2023 peak of $134 million.
Kyber Network Crystal KNC token prices briefly dipped 7% as news of the exploit broke but have since recovered to trade at $0.74.
The team identified a vulnerability in April, advising users to withdraw liquidity. However, no funds were lost in that incident.