Decentralized exchange KyberSwap has become the latest crypto company to lose millions to digital thieves, after a highly sophisticated cyber-attack.
In a post on Friday, the company revealed that the attack took place on November 22 and resulted in the loss of almost $55 million in user funds.
“On November 22, at 10:54 pm UTC, attackers exploited KyberSwap Elastic smart contracts using a series of complex actions to perform exploitative swaps, so that users' funds could be withdrawn into the attackers' wallets. About $54.7 million of user funds were lost.
“In response, we paused deposits, started an investigation, contacted relevant parties and initiated negotiations with the attackers in an attempt to help users recover as much as possible, including offering a 10% bounty as an incentive for returning the exploited user funds.”
Decentralized finance (DeFi) expert Doug Colkitt posted a useful thread on X (formerly Twitter) explaining exactly how the attack took place. He said it was specific to KyberSwap's implementation of concentrated liquidity, which means that the threat actors had a high degree of skill and specialized knowledge.
They effectively performed a precise series of on-chain steps to exploit a vulnerability in the platform.
“This is easily the most complex and carefully designed smart contract exploit that I have ever seen,” he added.
KyberSwap said it had contacted the owners of the frontrun bots that took around $5.7 million in funds from KyberSwap pools on Polygon and Avalanche during the exploit. Negotiations have been opened to return 90% of those funds. However, the fate of the remaining $50 million is unclear.
The company has also been busy shoring up its defenses to build resilience after the attack.
“Security measures that we have taken include internal smart contract checks and audits by 100proof (whitehat hacker), ChainSecurity and community developers via Sherlock's audit contest. We have encouraged further checks on smart contracts through our bug bounty program with Immunefi,” it explained.