VERDICT — OUT OF SCOPE
Root cause is a frontend / UI hijack — users authorized the malicious transaction from a compromised site or DNS. On-chain contract was not the failure surface; pre-deployment audit cannot catch this class.
▰ METHOD
FRONTEND
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Decentralized liquidity protocol Kyber Network disclosed on Twitter that its users lost $265,000 in funds due to a front-end exploit. The vulnerability stems from malicious Google Tag Manager code in the KyberSwap website, where attackers target whale wallets and gain permission to transfer user funds by inserting fake approvals. Attack method (per SlowMist): Malicious Code Injection Attack. Reported loss: $265,000.
Primary source
https://cointelegraph.com/news/kyber-network-offers-bounty-following-265k-hack-of-decentralized-exchange
Sourced from
slowmist
Technical record
- chain: —
- protocol: Kyber Network
- bug_class: frontend
- date_occurred: 2022-09-02
- loss_usd: $265,000
- source_id: sm:kyber-network::2022-09-02