KyberSwap Exploit Takes Unexpected Turn

The KyberSwap exploit now features a new twist.

According to a recent report from on-chain analysts at Cyvers Alerts, the KyberSwap hacker has distributed roughly $50 million in funds to the largest HXA token holders.

For those who don’t know HXA is the native token of the Herencia Artifex NFT initiative.

Despite the update, investigators are no closer to finding the hacker than they were directly following the exploit and this recent development simply raises even more questions about the hacker’s agenda.

Cruxx Crypto News touched on the puzzling development: “The KyberSwap exploit, the hacker has distributed $50 million worth of HXA tokens to the largest holders of the cryptocurrency.

This unexpected move has left the community baffled, raising questions about the hacker’s motives and the future of the stolen funds. The exploit, which occurred in September 2023, saw approximately $265 million worth of cryptocurrency drained from the KyberSwap platform.”

🚨KyberSwap Exploiter Plays Robin Hood: $50M Distributed To Large HXA Holders

The KyberSwap exploit, the hacker has distributed $50 million worth of HXA tokens to the largest holders of the cryptocurrency. This unexpected move has left the community baffled, raising questions… pic.twitter.com/m9vRP3CAT6

— CRUXX | Crypto News (@Coin_CRUXX) December 9, 2023

Cyvers Alerts provided this critical update: “Our system has detected an abnormal transaction related to the Kyber Network exploiter. The address funded by the Kyber Network exploiter has received $50M worth of HXA from the 0x0..000dEaD ETH address using transferfrom function!

Address: https://etherscan.io/address/0x396e753ae1ae7d9905c95d70eb964c4e05052619. The funds have been distributed to different EOAs, and these EOAs are the largest holders of HXA. HXA coin uses third web libraries in its smart contract implementation, so we suspect that this hack is related to the Multicall vulnerability!”

🚨ALERT🚨Our system has detected an abnormal transaction related to the @KyberNetwork exploiter.

The address funded by the @KyberNetwork exploiter has received $50M worth of $HXA from the 0x0..000dEaD $ETH address using transferfrom function! 🤯
Address: https://t.co/byZyFaorNA.… pic.twitter.com/2SUHuNXqEN

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) December 8, 2023

Coin Edition added:

In a follow-up post on X, Cyvers disclosed that withdrawals and deposits of HXA tokens have been suspended on both Gate.io and MEXC exchanges.

While it comes following the detected abnormal transaction, it is unclear whether the deposit and withdrawal suspicion were in response to the security concerns arising from the exploited funds.

Following the hack, the Kyber Network announced:

“In relation to the KyberSwap Elastic incident that transpired from 22 November 2023, 10:54:09 PM UTC, resulting in the exploitative swaps by the exploiter that drained approximately $48.8 million of users’ funds from KyberSwap Elastic liquidity pools, we reiterate our unwavering commitment and efforts to support law enforcement and cybersecurity on track-down of the exploiter and recovery of users’ funds taken from them.

We want to assure our users that we are standing by you during this challenging period and that we understand that until funds are recovered that users would continue to have concerns especially those in hardship due to the loss caused by the exploit.

As such and notwithstanding that KyberSwap Elastic is a decentralized and permissionless protocol under which users accept risk of use of KyberSwap Elastic and being liquidity providers, as stated in the Terms of Use, we are planning grants from the KyberSwap Treasury to users to ease the hardship from the loss caused by the exploit.

Our present plan is for the KyberSwap Treasury to extend a grant to each user (who lost funds in the exploit and which have not been recovered) of an amount up to the USD value of such funds at the time when such funds were drained from their respective liquidity pools. We are working out the details of the above proposed treasury grant and will announce more details within the next two weeks.”

In relation to the KyberSwap Elastic incident that transpired from 22 November 2023, 10:54:09 PM UTC, resulting in the exploitative swaps by the exploiter that drained approximately $48.8 million of users’ funds from KyberSwap Elastic liquidity pools, we reiterate our unwavering…

— Kyber Network (@KyberNetwork) December 1, 2023

#PeckShieldAlert #KyberSwap Exploiter 8-labeled address has transferred 2.6K $ETH (worth ~$6M) to #tornadocash pic.twitter.com/48GKaONv8P

— PeckShieldAlert (@PeckShieldAlert) December 8, 2023

According to Coin Telegraph, KyberSwap has announced a relief program for victims of the hack:

The grant is designed to ease the financial burden on affected individuals and will equal the USD equivalent of the assets lost in the security breach. This move highlights KyberSwap’s dedication to its user community and platform security.

Join the conversation!

We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.