Kyber Network: Attack Vector Removed, Affected Wallets Compensated

Kyber Network has issued a KyberSwap incident update stating that its team has successfully removed the attack vector and has compensated for the impacted wallets. Kyber Network said that its team successfully identified and removed the attack vector on September 4th. KyberSwap Smart Contracts, Aggregator and API are, and have always been, secure. This was a frontend exploit, which is unrelated to Kyber Network’s smart contracts. There were two impacted wallets that now are made whole. One wallet has been fully compensated of all funds. The other wallet provided approvals to the malicious script, and successfully revoked his approval before losing any funds. In addition, the KyberSwap team, together with industry partners & security experts, will continue to conduct a thorough monitoring of systems and transactions to detect any suspicious approvals or transactions, and scan all possible issues. Previously, Kyber Network announced on September 2nd that the KyberSwap frontend had been attacked, $265K of user funds were lost, with 2 affected addresses. Kyber said it will compensate users all funds. On September 3rd, the Binance security team said it had identified two suspects in the KyberSwap attack. On September 5th, Kyber Network released the last public statement to the attacker, stating that the attacker who returns funds via centralized exchanges by 10:00 UTC on September 6th will receive a 15% bug bounty. Afterwards, the PeckShield security team monitored that the KyberSwap frontend exploiter already swapped 260,000 $USDC to 13 $WBTC.