Fun

News Feed - 2023-11-24 02:11:07

Tom Blackstone6 hours agoKyberSwap attacker used ‘infinite money glitch’ to drain funds — DeFi expertBy exploiting a bug, the attacker caused liquidity to be “double-counted,” allowing them to get an unfair price for a swap.1342 Total views10 Total sharesListen to article 0:00NewsJoin us on social networksThe attacker who drained $46 million from KyberSwap relied on a “complex and carefully engineered smart contract exploit” to carry out the attack, according to a social media thread by Ambient exchange founder Doug Colkitt. 


Colkitt labeled the exploit an “infinite money glitch.” According to him, the attacker took advantage of a unique implementation of KyberSwap’s concentrated liquidity feature to “trick” the contract into believing it had more liquidity than it did in reality.1/ Finished a preliminary deep dive into the Kyber exploit, and think I now have a pretty good understanding of what happened.

This is easily the most complex and carefully engineered smart contract exploit I've ever seen...— Doug Colkitt (@0xdoug) November 23, 2023


Most decentralized exchanges (DEXs) provide a “concentrated liquidity” feature, which allows liquidity providers to set minimum and maximum prices at which they would offer to buy or sell crypto. According to Colkitt, this feature was used by the KyberSwap attacker to drain funds. However, the exploit “is specific to Kyber’s implementation of concentrated liquidity and probably will not work on other DEXs,” he said.


The KyberSwap attack consisted of several exploits against individual pools, with each attack being nearly identical to every other, Colkitt said. To illustrate how it worked, Colkitt considered the exploit of the ETH/wstETH pool on Ethereum. This pool contained Ether (ETH) and Lido Wrapped Staked Ether (wstETH).


The attacker began by borrowing 10,000 wstETH (worth $23 million at the time) from flash loan platform Aave, as shown in blockchain data. According to Colkitt, the attacker then dumped $6.7 million worth of these tokens into the pool, causing its price to collapse to 0.0000152 ETH per 1 wstETH. At this price point, there were no liquidity providers willing to buy or sell, so liquidity should have been zero.


The attacker then deposited 3.4 wstETH and offered to buy or sell between the prices of 0.0000146 and 0.0000153, withdrawing 0.56 wstETH immediately after the deposit. Colkitt speculated that the attacker may have withdrawn the 0.56 wstETH to “make the subsequent numerical calculations line up perfectly.”


After making this deposit and withdrawal, the attacker performed a second and third swap. The second swap pushed the price to 0.0157 ETH, which should have deactivated the attacker’s liquidity. The third swap pushed the price back up to 0.00001637. This, too, was outside of the price range set by the attacker’s own liquidity threshold, as it was now above their maximum price.


Theoretically, the last two swaps should have accomplished nothing, as the attacker was buying and selling into their own liquidity, since every other user had a minimum price set far below these values. “In the absence of a numerical bug, someone doing this would just be trading back and forth with their own liquidity,” Colkitt stated, adding, “and all the flows would net out to zero (minus fees).”


However, due to a peculiarity of the arithmetic used to calculate the upper and lower bound of price ranges, the protocol failed to remove liquidity in one of the first two swaps but also added it back during the final swap. As a result, the pool ended up “double counting the liquidity from the original LP position,” which allowed the attacker to receive 3,911 wstETH for a minimal amount of ETH. Although the attacker had to dump 1,052 wstETH in the first swap to carry out the attack, it still enabled them to profit by 2,859 wstETH ($6.7 million at today’s price) after paying back their flash loan.


The attacker apparently repeated this exploit against other KyberSwap pools on multiple networks, eventually getting away with a total of $46 million in crypto loot.


Related:HTX exchange loses $13.6M in hot wallet hack: Report


According to Colkitt, KyberSwap contained a failsafe mechanism within the computeSwapStep function that was intended to prevent this exploit from being possible. However, the attacker managed to keep the numerical values used in the swap just outside of the range that would cause the failsafe to trigger. As Colkitt stated:“The ‘reach quantity’ was the upper bound for reaching the tick boundary was calculated as ...22080000, whereas the exploiter set a swap quantity of ...220799999. That shows just how carefully engineered this exploit was. The check failed by <0.00000000001%.”


Colkitt called the attack “easily the most complex and carefully engineered smart contract exploit I’ve ever seen.”


As Cointelegraph reported, KyberSwap was exploited for $46 million on Nov. 22. The team discovered a vulnerability on April 17, but no funds were lost in that incident. The exchange’s user interface was also hacked in September 2022, although all users were compensated in that incident. The Nov. 22 attacker has informed the team they are willing to negotiate to return some of the funds. # Security# Hackers# Cybercrime# Cybersecurity# Hacks# DeFi# DEXAdd reactionAdd reactionRead moreCan crypto Privacy Pools help balance privacy and regulation?How to backup your crypto wallet private keys85% of crypto rug pulls in Q3 didn’t report audits: Hacken

News Feed

Kim Dotcom’s Planned Token Sale Is Off, Says Bitfinex
Bitfinex and a blockchain project launched by Kim Dotcom have “mutually agreed” to part ways, scuppering a planned initial exchange offering (IEO) for the controversial internet entrepreneur.
ERTHA Sold out on Seedify and Gamefi in Less Than a Minute
ERTHA Sold out on Seedify and Gamefi in Less Than a Minute sponsored December 20, 2021: Seedify and Gamefi are the top gaming launchpads in th
‘The Nine’ spot Bitcoin ETFs see $2B volume for 2nd straight day
Martin Young2 hours ago‘The Nine’ spot Bitcoin ETFs see $2B volume for 2nd straight dayBlackRock"s ETF also notched a new record $1.3 billion in daily volume in what an analyst described as “another intense volume
Federal Reserve Hikes Rate by 25bps to Keep Inflation at Bay, Aims for 2% Inflation Rate by 2025
Federal Reserve Hikes Rate by 25bps to Keep Inflation at Bay, Aims for 2% Inflation Rate by 2025 Following the fallout over the past two weeks in the U.S. banking industry, the Fed
History of Crypto: Ethereum’s entry and Bitcoin’s expansion
Cointelegraph9 hours agoHistory of Crypto: Ethereum’s entry and Bitcoin’s expansionAs Bitcoin continued its early stages of development, the largest exchange at the time was on its way to ruin.4551 Total views24 Tota
Brayden Lindrea7 minutes agoEthereum layer 2 zkEVM ‘Scroll’ confirms mainnet launchBlockchain data from Etherscan suggest Scroll’s mainnet was live over a week ago.37 Total viewsListen to article 0:00NewsJoin us on
Colombian Real Estate Platform Allows Users to Acquire Property With Bitcoin
Colombian Real Estate Platform Allows Users to Acquire Property With Bitcoin A Colombian real estate platform is now allowing users to purchase properties with Bitcoin. The platfor
Alek Hidell10 hours agoBinance exit aftershock: Can one resignation tip the crypto trust scales?The announcement of yet another top figure departing Binance coincided with an increased outflow of funds from the crypto pl
Stacking Satoshis: Leveraging Defi Applications to Earn More Bitcoin
Stacking Satoshis: Leveraging Defi Applications to Earn More BitcoinAs decentralized finance (defi) has become more popular, digital currency proponents are making money off of more
Thai Financial Regulator Claims Controversial Crypto Rule Proposal Was Just to Gauge Public Opinion
Thai Financial Regulator Claims Controversial Crypto Rule Proposal Was Just to Gauge Public Opinion The Thai financial watchdog has reportedly retreated from its
Smart Advertising Token SaTT Reveals ProBit as Next Exchange Listing
Smart Advertising Token SaTT Reveals ProBit as Next Exchange ListingSingapore, September 23, 2020– Against the predominantly dim and drab ICO backdrop, smart advertising token
Jonathan DeYoung11 hours agoThe Agenda podcast predicts the future of crypto and talks adoptionOn Episode 20 of The Agenda, hosts Ray Salmond and Jonathan DeYoung interview each other about their blockchain journeys, the