- Kyber Network identified and fixed a vulnerability in the front-end.
- The attacker managed to steal $265,000 through malicious code that was discreetly inserted into the Google Tag Manager.
- The Kyber Network team has promised to reimburse victims.
Kyber Network has revealed that it has been the victim of an exploit that saw $265,000 stolen. The team published a blog post saying that it had identified and neutralized an exploit discovered on its front end. All users that have been affected will be reimbursed.
The team identified that there was something suspicious on September 1, and then identified malicious code in the Google Tag Manager, which inserted a false approval. This allowed the hacker to transfer users’ funds to his address. Once identified, the team disabled the UI to conduct an investigation.
They said that the script had been “discreetly injected” and was targeting whales with large holdings. While conducting the investigation, they also recorded all the addresses that were affected.
The team provided the list of addresses associated with the attacker. They have asked those with the power to block fund transfers from the attackers’ addresses. They are also calling for any information about the identity of the attacker.
The attack lasted for a total of two hours, as the team was quick to pounce on the suspicious activity. They have asked those who have been affected to contact them over Discord. Th team also provided instructions on how to revoke the malicious approval.
DeFi Attacks on the Rise
The attack is yet another to take place on the DeFi market, which has time and again been a major hunting ground for hackers. The DeFi market has lost well over $1 billion due to exploits and hacks this year, and that figure does not look like it’s going to reduce any time soon.
Some of the most notable incidents that took place this year are the Ronin Bridge hack and the theft of $182 million from Beanstalk. The former incident is believed to be the work of the Lazarus Group, which is linked to North Korea. The Lazarus Group is also reportedly behind the $100 million attack on Harmony Protocol’s Horizon Bridge.
DeFi attacks will continue to occur, as it provides ample opportunity to hackers. Teams will have to be doubly careful and audit their smart contracts, and ensure that no frontend exploits exist.