On the 2nd of September, we shared the discovery & neutralization of a front-end exploit on KyberSwap
1/ ❗️Notice of Exploit of KyberSwap Frontend:
We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️
— Kyber Network (@KyberNetwork) September 1, 2022
As of 6 September, 5.30pm GMT+7 we can provide some interim, official & positive updates:
The KyberSwap website & UI is safe. The attack was neutralized in the same afternoon of being picked up, on 1st September 2022, at 4:34pm GMT+7. The attack vector was successfully identified and removed on 4th September 2022.
The KyberSwap team, together with industry partners & security experts, will continue to conduct a thorough monitoring of systems and transactions to detect any suspicious approvals or transactions, and scan all possible issues.
KyberSwap Smart Contracts, Aggregator and API are, and have always been, secure. This was a frontend exploit, which is unrelated to Kyber Network’s smart contracts.
There were only 2 impacted wallets that are now made whole.
– 1 wallet has been fully compensated of all funds and will continue using KyberSwap,
– The other wallet provided approvals to the malicious script, and successfully revoked his approval before losing any funds,
– There are no other wallets that are impacted or lost funds as a result of this exploit.
We can share that we are working with industry partners, top security experts and law enforcement to identify the hackers and retrieve the funds. You may refer to some public tweets such as:
#Binance security team has identified two suspects for yesterday's KyberSwap hack. We have provided the intel to the Kyber team, and are coordinating with LE (law enforcement).
— CZ 🔶 Binance (@cz_binance) September 3, 2022
— Kyber Network (@KyberNetwork) September 1, 2022
Past exploits in the DeFi space are sometimes a black box apart from the announcement of the main cause and resolution (or perhaps lack of); with little info on how to prevent a similar attack. KyberSwap aims to fight at the frontlines of DeFi with our industry partners and community against these attacks and share our experience for the benefit of other projects. For this purpose, we will be publishing an incident report when we conclude our thorough investigations. You can expect an update on this later this month. Some items that you can expect are:
- Further details on the hack and root causes
- How our infrastructure and operational security will evolve after this
- How our monitoring systems will be improved and other steps we can all take to beef up security
- How, just like with this incident, KyberSwap will always ensure users & funds are safe
- Was our Google Tag Manager the source of the hack?
No, it was not. The malicious script was injected via another means. We cannot disclose more at this point, with potential law enforcement involvement and the expansion of our investigation into the historical iterations of our technical infrastructure.
- Are users’ privacy at risk with Google tracking?
No. We don’t track user wallets with Google tracking, however we do store user IPs as the bare minimum practice of a web service. We commit to never store enough information that can be used to track user identity down.
- When can we read an incident report?
The KyberSwap team will publish an incident report when we conclude investigations and reviewed all material facts as well as updates to security measures for future. The goal is to have this by the end of the month.
- This event may cause FUD about KyberSwap and Kyber Network. What is your response?
We acknowledge that this incident is something that should never have happened on our watch. It shows that even with our best efforts and 5 years of experience, there is much for us as a team to learn and improve on.
Our first response is to assure our users and community that the team has taken measures to ensure that the platform is safe as our foremost priority. The KyberSwap UI is now SAFE. The KyberSwap Smart Contracts & API is and always has been, safe.
Our second response is to ensure that any affected users are taken care of. The 1 affected wallet with funds lost has been made whole and full reimbursement as of 3rd Sept. The 2nd affected wallet revoked its approvals in time and did not lose any funds.
Our third response is to ensure that this event is a learning experience for KyberSwap as well as the whole industry, which is why we are working with industry partners, security experts and law enforcement, not only to identify the culprits and retrieve the funds, but to work together and improve measures for the future.
Our last response is what we have always been focusing on, to build a platform that solves users problems, and to be the number 1 decentralized exchange for all users in DeFi making crypto easy, safe, and rewarding to use. We will never lose sight of this focus, and this incident has only served to cement this priority for us.
- What measures are you taking to improve security for KyberSwap?
We are exploring several options to enhance security measures. One thing for certain is that we will develop the following components to ensure KyberSwap is safe, actively and passively:
We are developing an advanced monitoring system to scan the website 24/7. This security system’s role is to detect suspicious code on the Front End as well as suspicious network packages going out from the website. The monitoring system will give alert with the highest emergency code notification to all of our C levels, Head levels and SRE team. The notification is done with Slack, Telegram and phone calls to ensure the team’s 100% react mode with any critical cases.
We will have a status page and a security status check that any user can check when they are using KyberSwap, to ensure the front end they are interacting with is safe.
KyberSwap’s first priority is and always has been, user safety & platform security. This is our first incident in our history of 5 years, and we aim for this to be the last. We will get stronger from this and we thank you for your encouragement and support!
We will update with any material information if and when we do have any further items to share.