Fun

News Feed - 2023-11-24 02:11:07

Tom Blackstone6 hours agoKyberSwap attacker used ‘infinite money glitch’ to drain funds — DeFi expertBy exploiting a bug, the attacker caused liquidity to be “double-counted,” allowing them to get an unfair price for a swap.1342 Total views10 Total sharesListen to article 0:00NewsJoin us on social networksThe attacker who drained $46 million from KyberSwap relied on a “complex and carefully engineered smart contract exploit” to carry out the attack, according to a social media thread by Ambient exchange founder Doug Colkitt. 


Colkitt labeled the exploit an “infinite money glitch.” According to him, the attacker took advantage of a unique implementation of KyberSwap’s concentrated liquidity feature to “trick” the contract into believing it had more liquidity than it did in reality.1/ Finished a preliminary deep dive into the Kyber exploit, and think I now have a pretty good understanding of what happened.

This is easily the most complex and carefully engineered smart contract exploit I've ever seen...— Doug Colkitt (@0xdoug) November 23, 2023


Most decentralized exchanges (DEXs) provide a “concentrated liquidity” feature, which allows liquidity providers to set minimum and maximum prices at which they would offer to buy or sell crypto. According to Colkitt, this feature was used by the KyberSwap attacker to drain funds. However, the exploit “is specific to Kyber’s implementation of concentrated liquidity and probably will not work on other DEXs,” he said.


The KyberSwap attack consisted of several exploits against individual pools, with each attack being nearly identical to every other, Colkitt said. To illustrate how it worked, Colkitt considered the exploit of the ETH/wstETH pool on Ethereum. This pool contained Ether (ETH) and Lido Wrapped Staked Ether (wstETH).


The attacker began by borrowing 10,000 wstETH (worth $23 million at the time) from flash loan platform Aave, as shown in blockchain data. According to Colkitt, the attacker then dumped $6.7 million worth of these tokens into the pool, causing its price to collapse to 0.0000152 ETH per 1 wstETH. At this price point, there were no liquidity providers willing to buy or sell, so liquidity should have been zero.


The attacker then deposited 3.4 wstETH and offered to buy or sell between the prices of 0.0000146 and 0.0000153, withdrawing 0.56 wstETH immediately after the deposit. Colkitt speculated that the attacker may have withdrawn the 0.56 wstETH to “make the subsequent numerical calculations line up perfectly.”


After making this deposit and withdrawal, the attacker performed a second and third swap. The second swap pushed the price to 0.0157 ETH, which should have deactivated the attacker’s liquidity. The third swap pushed the price back up to 0.00001637. This, too, was outside of the price range set by the attacker’s own liquidity threshold, as it was now above their maximum price.


Theoretically, the last two swaps should have accomplished nothing, as the attacker was buying and selling into their own liquidity, since every other user had a minimum price set far below these values. “In the absence of a numerical bug, someone doing this would just be trading back and forth with their own liquidity,” Colkitt stated, adding, “and all the flows would net out to zero (minus fees).”


However, due to a peculiarity of the arithmetic used to calculate the upper and lower bound of price ranges, the protocol failed to remove liquidity in one of the first two swaps but also added it back during the final swap. As a result, the pool ended up “double counting the liquidity from the original LP position,” which allowed the attacker to receive 3,911 wstETH for a minimal amount of ETH. Although the attacker had to dump 1,052 wstETH in the first swap to carry out the attack, it still enabled them to profit by 2,859 wstETH ($6.7 million at today’s price) after paying back their flash loan.


The attacker apparently repeated this exploit against other KyberSwap pools on multiple networks, eventually getting away with a total of $46 million in crypto loot.


Related:HTX exchange loses $13.6M in hot wallet hack: Report


According to Colkitt, KyberSwap contained a failsafe mechanism within the computeSwapStep function that was intended to prevent this exploit from being possible. However, the attacker managed to keep the numerical values used in the swap just outside of the range that would cause the failsafe to trigger. As Colkitt stated:“The ‘reach quantity’ was the upper bound for reaching the tick boundary was calculated as ...22080000, whereas the exploiter set a swap quantity of ...220799999. That shows just how carefully engineered this exploit was. The check failed by <0.00000000001%.”


Colkitt called the attack “easily the most complex and carefully engineered smart contract exploit I’ve ever seen.”


As Cointelegraph reported, KyberSwap was exploited for $46 million on Nov. 22. The team discovered a vulnerability on April 17, but no funds were lost in that incident. The exchange’s user interface was also hacked in September 2022, although all users were compensated in that incident. The Nov. 22 attacker has informed the team they are willing to negotiate to return some of the funds. # Security# Hackers# Cybercrime# Cybersecurity# Hacks# DeFi# DEXAdd reactionAdd reactionRead moreCan crypto Privacy Pools help balance privacy and regulation?How to backup your crypto wallet private keys85% of crypto rug pulls in Q3 didn’t report audits: Hacken

News Feed

Chainlink Whales Dump Over 170 Million LINK In Three Weeks – Selling Pressure Ahead?
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Central Bank Gold Demand Rose at the Fastest Pace in 55 Years, Analyst Says Silver Could Outperform Gold in 2023
Central Bank Gold Demand Rose at the Fastest Pace in 55 Years, Analyst Says Silver Could Outperform Gold in 2023 According to a myriad of reports, the People’s Republic of Ch
Prashant Jha13 hours agoJack Dorsey’s Block had $5.62B in revenue, $44M in Bitcoin profits in Q3Block didn’t incur any impairment loss on its Bitcoin holdings, and Bitcoin revenue contributed as much as 43% of its to
The Founder of Wallstreetbets Jaime Rogozinski Discusses Defi, NFTs, and Crypto Regulation
The Founder of Wallstreetbets Jaime Rogozinski Discusses Defi, NFTs, and Crypto Regulation In 2021, the subreddit forum r/wallstreetbets, also known as Wallstreetbets (WSB) became
JPMorgan’s Analysis Shows Institutional Investors Moving From Gold ETFs to Bitcoin
JPMorgan"s Analysis Shows Institutional Investors Moving From Gold ETFs to Bitcoin JPMorgan has highlighted evidence of institutional demand for bitcoin and inve
Google’s new Gemini AI model dominates benchmarks, beats GPT-4o and Claude-3
Tristan Greene2 hours agoGoogle’s new Gemini AI model dominates benchmarks, beats GPT-4o and Claude-3This is the first time Google’s taken the top slot on the Chatbot Arena leaderboard.531 Total viewsListen to articl
Helen Partz10 hours agoCaitlin Long’s Custodia Bank launches Bitcoin custody platformCustodia Bank’s launch of Bitcoin custody follows a series of regulatory challenges the firm faced earlier this year.2295 Total vie
Landfill Gas Mitigation Firm Vespene Energy Secures $4.3M to Bolster Gas-to-Bitcoin Solutions
Landfill Gas Mitigation Firm Vespene Energy Secures $4.3M to Bolster Gas-to-Bitcoin Solutions On August 9, a firm that uses landfill methane to fuel bitcoin miners, Vespene Energy,
William Suberg14 hours agoBitcoin bull market awaits as US faces ‘bear steepener’ — Arthur HayesBitcoin is witnessing a 16-year high in 30-year U.S. government bond yields, and money printing is all but guaranteed,
New South African Code Says Crypto Asset Ads Must Include Capital Loss Warning
New South African Code Says Crypto Asset Ads Must Include Capital Loss Warning Crypto asset service providers in South Africa seeking to attract investors via advertisements must &
Biggest Movers: DOGE Rebounds on Thursday, LTC Nears 1-Week High
Biggest Movers: DOGE Rebounds on Thursday, LTC Nears 1-Week High Dogecoin rebounded from Wednesday’s decline, as the meme coin moved away from a key support level. Prices ha
Crypto Swapping App Sideshift AI Drops Access Code Requirement
Crypto Swapping App Sideshift AI Drops Access Code Requirement Since launching in January, Sideshift.ai has become a well known cryptocurrency application that allows people to s