KyberSwap Elastic fell victim to a security incident resulting in the unauthorized transfer of approximately $46 million in various crypto assets.
On November 23, the Kyber Network team took to Twitter, alerting users to the breach and urging them to withdraw their funds as a precautionary measure. The team assured users that they were actively investigating the situation.
Blockchain analysts quickly identified wallet addresses associated with the exploit, which remained active even after the security breach. Debank data reveals the extent of the attack, with around $20 million in wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) among the stolen assets.
The pilfered funds were distributed across multiple blockchain networks, including Arbitrum, Optimism, Ethereum, Polygon, and Base. Notably, blockchain investigator “Spreek” emphasized that the incident was likely not related to approval issues but rather tied to the Total Value Locked (TVL) in KyberSwap pools.
Adding a layer of intrigue, the attacker left an on-chain message addressed to protocol developers and DAO members, cryptically stating, “negotiations will start in a few hours when I am fully rested.” The message raises questions about the motivations and potential aftermath of the exploit.
As the DeFi community grapples with yet another security breach, concerns about the robustness of decentralized platforms and the need for enhanced security measures come to the forefront.