Kyber Network has offered a bounty following the exploit of a bug that resulted in a loss of $265,000.
According to a report shared by the company, an unknown hacker used a frontend exploit to steal roughly $265,000 worth of user funds from KyberSwap. The decentralized exchange company has offered to pay 15% of the stolen funds as a bug bounty.
Kyber Network lost $265K in two hours
According to a blog post by the Kyber Network, the company will compensate all users for any funds stolen from their accounts. At the same time, the blockchain-based liquidity hub has offered the hacker an opportunity to return the funds in exchange for 15% of the stolen amount. Since the stolen funds were roughly $265,000, the bounty amount would be around $40,000.
To ensure its customers are aware of the situation, Kyber Network said that it could track down the people whose funds might have been stolen by the unknown threat actor (TA), and it also tracked the users that have the addresses of the OpenSea profiles. The company reportedly shut down its front end after the exploit, which occurred at 8:24 AM UTC on Sept 1, 2022.
According to the company’s report, it found “a malicious code” in its Google Tag Manager, which was silently targeting “whale wallets with large amounts,” giving the hacker access to quickly transfer the funds to different addresses. Kyber Network co-founder Loi Luu stated that this is the first attack they have received in the five years since it began operation. The threat actor exploited several accounts on the platform and stole approximately $265K. Fortunately, the company could stop the attack after 2 hours of its detection.
In the blog, the company assured its users that the platform was now safe. “This attack was an FE exploit, and there is no smart contract vulnerability. For now, it is safe to use KyberSwap with caution. When signing for approval, check the txn information. If the transaction is to give an allowance, please ensure the allowance is given to the correct contract address.”
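The check the company recommends (confirm that an allowance goes to the correct contract address) can be done on the raw transaction data before signing. The following is an added example, not code from Kyber's post or product: it decodes ERC-20 `approve` calldata and compares the spender with a list of expected contracts, and it also covers `increaseAllowance`, which goes beyond the text. All addresses are constructed placeholders and the function names are hypothetical.

```javascript
// Added example. All addresses are constructed placeholders, not real contracts.
const ALLOWANCE_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata; returns null when the call does not grant an allowance.
function decodeAllowanceCall(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  const fn = ALLOWANCE_SELECTORS[hex.slice(0, 8)];
  if (!fn) return null;
  // 4-byte selector + two 32-byte ABI words = 8 + 64 + 64 hex characters.
  if (hex.length !== 136) throw new Error("malformed allowance calldata");
  const spenderWord = hex.slice(8, 72);
  // An address sits in the low 20 bytes; the 12 high bytes must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) throw new Error("bad address word");
  return {
    fn,
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72)),
  };
}

// Compare the decoded spender with the contracts the user expects to approve.
function reviewTransaction(tx, expectedSpenders) {
  const call = decodeAllowanceCall(tx.data);
  if (call === null) return { verdict: "not-allowance", findings: [] };
  const findings = [];
  const expected = expectedSpenders.map((a) => a.toLowerCase());
  if (!expected.includes(call.spender)) findings.push("unexpected-spender");
  if (call.amount === MAX_UINT256) findings.push("unlimited-allowance");
  const verdict = findings.includes("unexpected-spender") ? "reject"
    : findings.length ? "warn" : "ok";
  return { verdict, spender: call.spender, amount: call.amount, findings };
}

// Constructed sample transactions (hypothetical token, router and unknown spender).
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const TOKEN = "0x" + "11".repeat(20);
const ROUTER = "0x" + "22".repeat(20);
const UNKNOWN = "0x" + "99".repeat(20);
const sampleGood = { to: TOKEN, data: "0x095ea7b3" + word(ROUTER) + word("1f4") };
const sampleBad = { to: TOKEN, data: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64) };

console.log(reviewTransaction(sampleGood, [ROUTER]).verdict);
console.log(reviewTransaction(sampleBad, [ROUTER]).findings);
```

The expected-spender list has to come from a source other than the page requesting the signature, since a compromised front end controls everything that page displays.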