KyberSwap’s $47M Reentrancy Attack: A Deep Dive into the Exploit

KyberSwap, a multi-chain DEX aggregator, fell victim to a smart contract reentrancy attack on November 23, 2023. The exploit led to a loss of approximately $47 million across multiple networks and a 90% drop in TVL.

Let’s take a closer look.

Inside the Attack

Exploiter Wallet

• Address: 0xc9b826bad20872eb29f9b1d8af4befe8460b50c6
• Role: Central node in the attack, receiving and redistributing the stolen funds.

Key Transactions

• Ethereum Network Transaction
• Polygon Network Transaction

Attack Impact Across Networks

• Arbitrum: $20M
• Optimism: $15M
• Kyber Mainnet: $7.5M
• Polygon: $2M
• Base: $315K

Total Value Locked dropped 90% from $84.9M to $8.28M million on the day of the hack, which exemplifies the profound impact of smart contract vulnerabilities. Initially, the exploit led to the direct loss of $49M. Subsequently, KyberNetwork’s recommendation resulted in an additional $27M being withdrawn by users.

The Flaw: Reentrancy in the Mint Function

The core of the exploit was most likely a vulnerability in the mint function of KyberSwap’s new v2 reinvestment token (KS2-RT). This implementation contained some sort of mint callback, which might have created a loophole for reentrancy attacks.

Vulnerable Contract

• KS2-RT: Smart Contract Tracker

Note: If other KyberSwap forks aren’t implementing this v2 reinvestment schema, they are probably not vulnerable.

Kyber Network’s Response

Kyber Network, in a swift reaction to the breach, issued an urgent advisory to users, urging them to withdraw their funds as a precautionary measure. The team is actively investigating the incident to understand its full scope and implement necessary security measures.

Lessons Learned: Securing DEXs

This incident underscores the need for rigorous security protocols in DeFi platforms, particularly in the management and implementation of smart contracts. The reentrancy vulnerability exploited in this case highlights the critical importance of:

1. Thorough Auditing: Regular and comprehensive smart contract audits to identify potential vulnerabilities, especially when upgrading functions.
2. Real-Time Monitoring: Continuous monitoring of network activity to detect and respond to suspicious transactions.
3. Best Practices in Development: Adherence to secure coding practices and learning from past incidents to prevent similar exploits.

Follow @hackenclub on 𝕏 (Twitter)

Conclusion: Fortifying DeFi’s Future

The KyberSwap attack serves as a reminder of the constant threats in the DeFi ecosystem. As we navigate this dynamic landscape, it’s imperative for all stakeholders to adopt a security-first approach, continuously enhancing their defenses against sophisticated exploits. This proactive stance is crucial in maintaining trust and stability in the world of decentralized finance.

Stay updated with the latest in blockchain security.