Flash Loans and Liquidity Bugs: Analysing the $47M KyberSwap Hack

Flash Loans and Liquidity Bugs: Analysing the $47M KyberSwap Hack

Rivanorth's photo
Rivanorth
·

2 min read

KyberSwap, a key decentralised exchange (DEX), fell victim to a sophisticated cyber-attack. This breach resulted in the theft of approximately $47 million in various crypto assets and caused a significant 90% drop in the platform's Total Value Locked (TVL).

Behind the Breach

The attack exploited a vulnerability in KyberSwap’s concentrated liquidity feature. This flaw allowed attackers to manipulate the contract, causing it to miscalculate liquidity levels and enabling them to drain substantial funds from the exchange through a series of complex and strategically executed transactions.

The core of the attack targeted a potential vulnerability in the mint function of KyberSwap’s new v2 reinvestment token (KS2-RT), which might have created an opportunity for reentrancy attacks. The attackers began by borrowing wrapped Lido-staked Ether (wstETH) via a flash loan and manipulated the price in the ETH/wstETH pool on Ethereum. This manipulation was achieved by depositing and withdrawing tokens to exploit a numerical bug in the liquidity calculation.

Despite KyberSwap's implementation of a failsafe mechanism within their computeSwapStep function, the attackers meticulously crafted their transactions to narrowly avoid triggering this failsafe. The culmination of these actions was that the system erroneously double-counted liquidity due to the exploitation of a numerical bug and the avoidance of crucial function triggers during the swaps.

After the Incident

Following the breach, Kyber Network issued an urgent advisory to its users, urging them to withdraw their funds as a precaution. The team is actively investigating the incident to understand its full scope and implement necessary security measures.

The KyberSwap hack highlights the intricate and evolving challenges facing the DeFi industry, especially concerning smart contract vulnerabilities and the security of liquidity features.

Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.

kyberswapkyber networkSmart Contractssmart contract security auditblockchain securitycybersecurityCryptocurrencyhacksecurity breachSecurity