KyberSwap’s $47M Reentrancy Attack: A Deep Dive into the Exploit

By Hacker Hacken

KyberSwap, a multi-chain DEX aggregator, fell victim to a smart contract reentrancy attack on November 23, 2023. The exploit led to a loss of approximately $47 million across multiple networks and a 90% drop in TVL.

Let’s take a closer look.

Inside the Attack

Exploiter Wallet

Key Transactions

Attack Impact Across Networks

  • Arbitrum: $20M
  • Optimism: $15M
  • Kyber Mainnet: $7.5M
  • Polygon: $2M
  • Base: $315K

Total Value Locked dropped 90%, from $84.9M to $8.28M, on the day of the hack, which shows how severe the impact of smart contract vulnerabilities can be. Initially, the exploit led to the direct loss of $49M. Subsequently, KyberNetwork’s recommendation resulted in an additional $27M being withdrawn by users.

The Flaw: Reentrancy in the Mint Function

The core of the exploit was most likely a vulnerability in the mint function of KyberSwap’s new v2 reinvestment token (KS2-RT). This implementation contained some sort of mint callback, which might have created a loophole for reentrancy attacks.
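A generic sketch of how a mint callback opens a reentrancy window, next to a hardened form, added here as an example. It is not KyberSwap's code: the contracts, the `IMintCallback` interface and all function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interfaces: the minter is called back so it can pay for the mint.
interface IMintCallback { function onMint(uint256 amountOwed) external; }
interface IERC20 { function balanceOf(address account) external view returns (uint256); }

// Vulnerable shape: control leaves the contract before the accounting is final.
contract CallbackMintVulnerable {
    IERC20 public immutable token;
    uint256 public reserve;                       // tokens the pool believes it holds
    mapping(address => uint256) public shares;
    constructor(IERC20 _token) { token = _token; }

    function mint(uint256 amount) external {
        uint256 reserveBefore = reserve;          // snapshot taken before the external call
        IMintCallback(msg.sender).onMint(amount); // a nested mint() reads the same stale reserve
        require(token.balanceOf(address(this)) >= reserveBefore + amount, "unpaid");
        shares[msg.sender] += amount;             // credited once per frame for a single payment
        reserve = reserveBefore + amount;         // overwrites the nested call's update
    }
}

// Hardened shape: a reentrancy lock plus a live balance check and additive accounting.
contract CallbackMintHardened {
    IERC20 public immutable token;
    uint256 public reserve;
    mapping(address => uint256) public shares;
    bool private locked;
    constructor(IERC20 _token) { token = _token; }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function mint(uint256 amount) external nonReentrant {
        uint256 balanceBefore = token.balanceOf(address(this)); // measured, not cached state
        IMintCallback(msg.sender).onMint(amount);               // nested mint() now reverts
        require(token.balanceOf(address(this)) >= balanceBefore + amount, "unpaid");
        shares[msg.sender] += amount;
        reserve += amount;
    }
}
```

The same lock has to cover every other state-changing entry point of the contract (burn, swap and so on), because a callback that cannot re-enter `mint` can still re-enter through an unguarded function.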

Vulnerable Contract

Note: If other KyberSwap forks aren’t implementing this v2 reinvestment schema, they are probably not vulnerable.

Kyber Network’s Response

Kyber Network, in a swift reaction to the breach, issued an urgent advisory to users, urging them to withdraw their funds as a precautionary measure. The team is actively investigating the incident to understand its full scope and implement necessary security measures.

Lessons Learned: Securing DEXs

This incident underscores the need for rigorous security protocols in DeFi platforms, particularly in the management and implementation of smart contracts. The reentrancy vulnerability exploited in this case highlights the critical importance of:

  1. Thorough Auditing: Regular and comprehensive smart contract audits to identify potential vulnerabilities, especially when upgrading functions.
  2. Real-Time Monitoring: Continuous monitoring of network activity to detect and respond to suspicious transactions.
  3. Best Practices in Development: Adherence to secure coding practices and learning from past incidents to prevent similar exploits.

Conclusion: Fortifying DeFi’s Future

The KyberSwap attack serves as a reminder of the constant threats in the DeFi ecosystem. As we navigate this dynamic landscape, it’s imperative for all stakeholders to adopt a security-first approach, continuously enhancing their defenses against sophisticated exploits. This proactive stance is crucial in maintaining trust and stability in the world of decentralized finance.
