Decentralized finance (DeFi) protocol KyberSwap has issued a warning of a potential vulnerability on its automated market maker (AMM) platform KyberSwap Elastic, urging all liquidity providers to remove their funds as soon as possible.
On April 17, Kyber Network, developer of the KyberSwap Elastic decentralized crypto exchange, took to Twitter with a public warning to users that it had temporarily taken all of Elastic’s liquidity pools offline in order to address the vulnerability. The exchange specified that no user funds had been lost, highlighting that only KyberSwap Elastic funds were at risk.
1/2
Attention KyberSwap Elastic Liquidity Providers:
We have identified a potential vulnerability, and as a precaution we strongly advise all Liquidity Providers to withdraw your funds on Elastic as soon as possible.
Investigations are ongoing and no user funds are lost.
— Kyber Network (@KyberNetwork) April 17, 2023
KyberSwap TVL Drops Following Potential Vulnerability Announcement
However, the decentralized exchange (DEX) strongly advised liquidity providers (LPs) to remove their funds as a precaution. In addition, the exchange also noted that KyberSwap Classic, the company’s original liquidity protocol, was not affected by the potential exploit.
In a separate tweet, the team wrote that farming rewards have been temporarily suspended until a new smart contract can be deployed. As the news broke, users withdrew more than $56 million from KyberSwap Elastic. Meanwhile, data from DefiLlama suggested its Total Value Locked (TVL) dropped from around $108 million to $52 million. Kyber wrote:
“We will be pausing farms and farming rewards from 18 April 2023, 11 pm (GMT+7), while an upgraded KyberSwap Elastic Smart Contract is being deployed. All existing rewards that KyberSwap users have earned are not affected.”
2/2
All farms and farming rewards will be paused, unless otherwise stated.
As current farming rewards only work for existing pool contracts, the farms must be paused while the upgrade is being deployed.
The farms will be restarted after the new smart contract is deployed.
— Kyber Network (@KyberNetwork) April 17, 2023
This is not the first time KyberSwap has suffered an exploit. In September 2022, the platform lost nearly $265,000 to a front-end exploit. As per the announcement, the hackers managed to compromise the app’s front end through the Google Tag Manager (GTM) script.
Using a malicious script injected via GTM, the hackers made users approve their funds and sent them to the hacker’s address. For the uninitiated, GTM scripts are often used by websites to track user activity and data for analytical purposes.
Why Are DeFi Platforms Susceptible To Hacks?
DeFi-related exploits have increased massively over the past few years. Decentralized protocols are especially vulnerable to various attacks and hacking attempts due to their open-source nature and the fast-paced development cycle of DeFi projects. Over time, hackers have exploited DeFi protocols through various methods, including smart contract exploits, rug pulls, flash loan attacks, and reentrancy attacks, among many other sophisticated methods.
It seems DeFi protocols have served as the biggest target for such exploits, accounting for a whopping 82% of the overall crypto-related attacks. Recently, the DeFi platform Hundred Finance suffered an exploit on the Ethereum (ETH) layer-2 scaling solution Optimism, resulting in a loss of nearly $7 million.