menuIcon
$ 93,817.4
BTC
$ 93,817.4
-1.52 %
$ 1,764.32
ETH
$ 1,764.32
-3.38 %
$ 0.6754
ADA
$ 0.6754
-5.15 %
$ 595.90
BNB
$ 595.90
-1.31 %
$ 142.91
SOL
$ 142.91
-3.98 %
Usha Yadav
Sep 2, 2022
by Usha Yadav

DeFi Exchange KyberSwap Faces $265,000 Frontend Exploit

KyberSwap

Table of contents

  1. Google Tag Manager (GTM) Script
  2. KyberSwap Request Users to Confirm Approvals
The decentralized exchange (DEX) KyberSwap joins the list of DeFi projects to experience a frontend exploit following the Curve Finance exploits from last month. The liquidity protocol on which KyberSwap is based, the Kyber Network, confirmed reports on Friday. It said the attack on its website was immediately discovered and resolved within a few hours. As per the company's announcement, the hackers were able to compromise the app's front end through the Google Tag Manager (GTM) script.

Google Tag Manager (GTM) Script

GTM scripts are frequently used by websites to track user activity and collect data for analytical purposes. The hackers forced users to approve their cash and transmitted them to the hacker's address by injecting a malicious script through GTM. However, before the update, the hacker shifted four transactions totaling $265,000 worth of Matic Aave interest-bearing USDC (MAUSDC) tokens.

Aave is on the Polygon blockchain in addition to Ethereum and a few others. The above token is a USDC stablecoin deposited via Aave's Polygon integration. Users receive the interest-bearing version as a representation of their deposit each time a token similar to this is deposited on the lending platform.

KyberSwap Request Users to Confirm Approvals

The hackers took use of this interest-bearing version in their exploit on Friday. Kyber Network advised all users to confirm their approvals using the block explorer's approval tool. In exchange for returning the assets taken, Kyber Network is offering the hackers a 15% bounty worth $40,000. The company requests that the remaining cash be sent to a wallet address it has provided.

The cryptocurrency sector has experienced hacks before and will continue to do so. This year saw two of the biggest hacks in history, the first to an Ethereum-to-Solana bridge network in January and the second to Axie Infinity's Ronin crypto bridge in March.

 

Follow us on: News
crypto cyberattack Kyber Network DeFi Exchange KyberSwap Google Tag Manager
DeFi Exchange KyberSwap Faces $265,000 Frontend Exploit
Usha Yadav
Usha is a diehard crypto enthusiast and has been actively writing on different facets of the blockchain and crypto world. She has authored many research articles on cryptocurrency and aims to provide informational and quality content to readers. She firmly believes that crypto has a great potential to redefine the world of finance and blockchain.

Top Picks