KyberSwap, the decentralized exchange protocol, managed to recover $4.67 million after facing a recent security attack that resulted in the loss of $47 million from its concentrated liquidity pools last week.
The cybersecurity incident had a negative impact on KyberSwap, leading to fund losses through its Elastic pools, affecting various blockchains, including Arbitrum, Optimism, Ethereum, Polygon, and Binance Smart Chain. The vulnerability exploited by the hacker was linked to an issue with the tick interval boundaries in Kyber’s concentrated liquidity pools, which the attacker manipulated to double the liquidity and then drain the pools.
The KyberSwap team has been in contact with the owners of the frontrun bots that extracted about $5.7M* worth of funds from KyberSwap pools on Polygon and Avalanche during the exploit.
We have negotiated with the owners of the frontrun bots to return 90% of the users’ funds taken…— Kyber Network (@KyberNetwork) November 26, 2023
In an effort to recover at least some of the funds, KyberSwap negotiated with the operators of front-running bots that extracted around $5.7 million in cryptocurrencies from KyberSwap pools on the Polygon and Avalanche networks during the attack. As part of the agreement, the bot operators agreed to return 90% of the funds to a specified KyberSwap address on the Polygon network, receiving a 10% incentive in return.
KyberSwap Was Just Another Target
According to data provided by the security firm CertiK, they estimate that the total annual cryptocurrency theft this year due to exploits, scams, and other types of fraud already amounts to $1.34 billion. September recorded the highest losses, with thefts surpassing $330 million.
It is important to note that these negotiations with the bot operators are separate from the discussions with the main hacker, who had previously expressed a willingness to negotiate. Although the Kyber team decided to offer a reward to a potential “white hat” hacker who could work on identifying vulnerabilities, it seems that these discussions have not made significant progress.
The attack highlights the importance of addressing cybersecurity vulnerabilities in decentralized exchange protocols. Despite KyberSwap’s efforts to mitigate losses and recover some funds, the inherent risks of decentralized finance are once again brought to light.
The KyberSwap community closely monitors the development of these events, eagerly awaiting positive progress in the recovery of stolen funds and updates on future measures to reinforce the security of their assets.