The decentralised exchange KyberSwap, which is built on the liquidity protocol Kyber Network, has offered the hacker behind a $265,000 exploit a bug bounty of 15% of the stolen assets.
In a blog post published on Thursday, Kyber Network said that a hacker had taken around $265,000 worth of user funds from KyberSwap by exploiting a frontend vulnerability. The hacker was given the option to return the funds in exchange for “a talk with our team” and 15% of what was stolen, which was around $40,000, and the protocol said that it would compensate all users for any funds lost due to the vulnerability.
On September 1, Kyber Network said that it had taken down its frontend after detecting a “suspicious element.” The platform disabled its user interface and discovered “a dangerous code” in its Google Tag Manager, which targeted “whale wallets with high sums.” This gave the hacker the opportunity to move funds to a variety of other addresses. According to Loi Luu, one of the co-founders of Kyber Network, this was the first time in five years that the protocol had been hacked.
After two hours of investigation, it was determined who was behind the attack and how to halt it, according to Kyber Network. The attack exploited a flaw in the frontend (FE), and there is no weakness in the smart contract.
Hackers have exploited vulnerabilities to attack several decentralised finance protocols, such as when they stole $100 million from the Horizon Bridge in June and when they stole $200 million worth of cryptocurrency from the Nomad token bridge in August. Both of these incidents occurred in June. The vast majority of hackers involved in the breach of the Nomad bridge copied the original exploit in order to send funds to addresses of their choosing.