According to Cointelegraph, around $46 million in various crypto assets has been drained from the decentralized KyberSwap exchange in a recent decentralized finance (DeFi) exploit. On November 23, the Kyber Network team alerted its users via a Twitter post, stating that KyberSwap Elastic experienced a security incident and advised users to withdraw their funds as a precaution. The team is currently investigating the situation.
Blockchain sleuths have highlighted the impacted and exploiter wallet addresses, which were still recently active. Debank data reveals that approximately $46 million has been stolen in the attack, including roughly $20 million in wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB). The funds were split across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
Blockchain sleuth 'Spreek' stated in a post that the issue is not approval-related and is only related to the total value locked (TVL) held in the Kyber pools themselves. The attacker left an on-chain message for protocol developers and DAO members, stating that negotiations would start in a few hours when they are fully rested. DefiLlama data shows that KyberSwap's TVL dropped by 68% over a few hours, with almost $78 million leaving the protocol due to the hack and user withdrawals. Its TVL currently stands at $27 million, down from its 2023 peak of $134 million. Kyber Network Crystal KNC token prices briefly dipped 7% as news of the exploit broke but have since recovered to trade at $0.74. In April, the team identified a vulnerability and advised users to withdraw liquidity, but no funds were lost in that incident.
