According to Foresight News, Kinto founder Ramon Recuero released a detailed post-mortem report on the K token hack. The attack originated from a hidden backdoor vulnerability in the ERC-1967 Proxy standard, which allowed the attacker to bypass block explorer detection, upgrade the K proxy contract on Arbitrum, and mint unlimited tokens. The attacker then extracted approximately 1.55 million dollars in liquidity from Uniswap V4 and Morpho Blue.

Kinto stated that the vulnerability exists in the widely used OpenZeppelin Proxy template, which was not written by the Kinto team. The Kinto L2 network, wallet SDK, and abstract infrastructure are all unaffected, and other assets of users on Kinto have also not been impacted. The project team will take the following remedial measures:

- Deploy new K contract: Launch an enhanced version of the new contract on Arbitrum.
- Asset recovery: Snapshot the on-chain and CEX exchange addresses at the block before the attack (356170028) to restore all token balances.
- Restart liquidity: Conduct small-scale financing to inject new liquidity into the Uniswap pool and restore CEX trading at pre-attack prices.
- Morpho compensation plan: Provide borrowers with a 90-day repayment period, and the team will cover the remaining gap.
- Speculator compensation mechanism: For users who purchased after the attack but before the announcement, provide a new K compensation window distributed proportionally.

Currently, Kinto has frozen CEX trading and closed remaining liquidity while collaborating with security teams such as ZeroShadow and Venn to track the attacker. The project team urges community support for the reconstruction plan and fundraising for market recovery and victim compensation.