Around $46 million in various crypto assets has seemingly been drained from the decentralized KyberSwap exchange in the latest decentralized finance exploit.
On Nov. 23, the Kyber Network team alerted its users stating in an X (Twitter) post that KyberSwap Elastic “has experienced a security incident.”
It advised users to withdraw their funds as a precaution and added it was investigating the situation.
Urgent
Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident.
As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…
Blockchain sleuths highlighted the impacted and exploiter wallet addresses, which were still recently active.
According to Debank data, around $46 million has been pilfered in the attack, including roughly $20 million in wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB).
The funds were split across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
Kyberswap is being drained, several sources report.
If you have assets, withdraw pic.twitter.com/Y5ooYYzcTd
In an X post, blockchain sleuth “Spreek” said he was “fairly sure this is NOT an approval-related issue and is only related to the TVL held in the Kyber pools themselves.”
The attacker has also left an on-chain message for protocol developers and DAO members, saying “negotiations will start in a few hours when I am fully rested.”
Related: KyberSwap announces potential vulnerability, tells LPs to withdraw ASAP
DefiLlama data shows KyberSwap’s total value locked (TVL) tanked by 68% over a few hours and almost $78 million left the
Read more on cointelegraph.com