The decentralized finance sector faced a significant setback when KyberSwap, a DeFi protocol, suffered a devastating hack in November 2023. The aftermath of this security breach has led to far-reaching consequences, including a drastic reduction in the platform's workforce and efforts to support affected users.
On November 22, 2023, KyberSwap experienced a severe security exploit, resulting in a loss of approximately $48.8 million from its Elastic liquidity pools. This incident, labeled as the KyberSwap Elastic exploit, occurred at 10:54:09 PM UTC, marking a significant moment in the DeFi landscape. The hacker exploited a vulnerability in KyberSwap's Elastic protocol, leading to unauthorized and exploitative swaps.
In response to this financial hit, Kyber Network's CEO, Victor Tran, announced a regrettable but necessary decision to reduce their workforce by 50%. This move aims to keep the firm's business operations sustainable in the wake of the financial losses incurred. Despite the challenging decision, Kyber Network emphasizes that its core business functions, including KyberSwap’s Aggregator and Limit Order features, remain intact. However, some initiatives, like the liquidity protocol and KyberAI project, have been temporarily paused.
Kyber Network has initiated a Treasury Grants Program to support users impacted by the hack. This program, which commenced on December 20, 2023, plans to distribute reimbursements in U.S. dollar stablecoins by February 1, 2024. Affected users are required to register for this reimbursement between January 11 and January 23, 2024. While the total reference value of losses nears $49 million, users will receive only 60% of this value, reflecting the financial constraints the platform faces. An additional $6.6 million was stolen from front-run bots in the aftermath of the primary exploit.
In a turn of events, the Kyber team attempted to negotiate a bounty deal with the hacker. However, the hacker's demands were extreme, seeking complete control over Kyber Network, including all assets and its governance mechanism, KyberDAO. The hacker's intention to buy the company at a fair valuation was not entertained by the Kyber team.
The exploit was characterized by DeFi expert Doug Colkitt as an “infinite money glitch,” a complex and carefully engineered smart contract exploit across several networks implementing KyberSwap pools. The affected networks included Avalanche, Polygon, Ethereum, and layer-2 networks such as Arbitrum, Optimism, and Base.
In summary, KyberSwap’s proactive steps to address the aftermath of the hack, including workforce reduction and plans to reimburse impacted users, demonstrate the challenges and resilience inherent in the DeFi sector. The incident underscores the importance of robust security measures and the need for continuous vigilance in the evolving landscape of decentralized finance.