The attack appears to have impacted two “whale” addresses, but Kyber plans to reimburse the losses.
The platform tweeted, “Users will be compensated. It appears the attacker was targeting whale wallets.”
Kyber soon discovered the weakness in its code that made the exploit possible. It allowed attackers to insert a false approval, thereby letting them transfer users’ funds to their own address on September 1. The threat was neutralized within two hours.
KyberSwap hit the hardest
The attack hit the DEX KyberSwap, which enables users to exchange currencies on different blockchains. No damage was done to KyberSwap’s blockchain contracts. The issue stemmed from malicious Google Tag Manager (GTM) code on the KyberSwap website.
Upon further investigation, Kyber found they could eliminate the bad script by disabling GTM, and there was no more suspicious activity thereafter.
The attackers had injected the script discreetly. Kyber proceeded to restore the user interface and took subsequent measures to identify all of the attackers’ and victims’ addresses as well as the scope of the damage inflicted.
Kyber added in another tweet, “We strongly urge all DeFi projects to conduct a thorough check on your frontend code and associated Google Tag Manager (GTM) scripts as the attacker may have targeted multiple sites.”
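The false approval described above only works if the victim signs it, so one defensive check is to decode each transaction request outside the web page and compare the approval's spender against the contracts the site is expected to use. The sketch below is an added example, not Kyber's code; it assumes the approval is a standard ERC-20 approve(address,uint256) call, that the check runs in the wallet or signing layer where a tag-manager script cannot alter it, and the allowlist and all addresses are constructed placeholders.

```javascript
// Added example: review a transaction request for ERC-20 approve() calls.
// Every address here is a constructed placeholder, not a value from the incident.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical allowlist of spender contracts the dApp is expected to use.
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

// Build approve() calldata; used only to construct the sample inputs.
function encodeApprove(spender, amount) {
  return "0x" + APPROVE_SELECTOR +
    spender.slice(2).toLowerCase().padStart(64, "0") +
    amount.toString(16).padStart(64, "0");
}

// Returns null for non-approve calls, {malformed: true} for bad arguments,
// otherwise the decoded spender and amount.
function decodeApprove(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const args = hex.slice(8);
  // Exactly two 32-byte words; an address word has 12 leading zero bytes.
  if (!/^[0-9a-f]{128}$/.test(args) || !args.startsWith("0".repeat(24))) {
    return { malformed: true };
  }
  return { spender: "0x" + args.slice(24, 64), amount: BigInt("0x" + args.slice(64)) };
}

// Classify a request before it is presented for signing.
function reviewTransaction(tx, trusted = TRUSTED_SPENDERS) {
  const call = decodeApprove(tx.data || "");
  if (call === null) return { verdict: "not-approve" };
  if (call.malformed) return { verdict: "block", reason: "malformed approve" };
  if (!trusted.has(call.spender)) return { verdict: "block", reason: "untrusted spender", ...call };
  if (call.amount === MAX_UINT256) return { verdict: "warn", reason: "unlimited allowance", ...call };
  return { verdict: "allow", ...call };
}

// Constructed samples: one expected approval, one to an unknown spender.
const samples = [
  { data: encodeApprove("0x1111111111111111111111111111111111111111", 1000n) },
  { data: encodeApprove("0x2222222222222222222222222222222222222222", MAX_UINT256) },
];
for (const tx of samples) {
  const r = reviewTransaction(tx);
  console.log(r.verdict, r.reason || "", r.spender);
}
```

An approve call that cannot be decoded is blocked rather than passed through, so a request with truncated or padded arguments does not slip past the spender check.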
While this attack was not significant compared to other recent ones impacting DeFi projects, some of which caused losses of hundreds of millions of dollars, it does draw attention to the myriad of vulnerabilities putting DeFi users at risk.