Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
A South Korean DeFi project, KLAYswap stated it was hacked and lost over 2.2 billion won, or about $1.83 million, in the incident. The hacker modified the third-party JavaScript link on the front end of KLAYswap, causing the user to download malicious malware when accessing the KLAYswap page. This enabled funds to be transferred to the hacker's wallet address when conducting token-related transactions . During this time, 407 suspicious transactions were found in 325 wallets linked to this incident. Attack method (per SlowMist): Malicious Code Injection Attack. Reported loss: $ 1,830,000.
- chain
- —
- protocol
- KLAYswap
- bug_class
- unknown
- date_occurred
- 2022-02-03
- loss_usd
- $1,830,000
- source_id
- sm:klayswap::2022-02-03