Kyber Network lost $54.7M when its Elastic pool logic gave attackers precision control over price boundaries. CoinSpot lost $2.5M to compromised hot wallets. TheStandard.io was drained via a low-liquidity PAXG pool, and TrustPad’s staking contract handed out rewards without checking senders. Different vectors, same flaw: missing checks where they matter most.
In Brief
Kyber Network’s liquidity pool was exploited for $54.7M.
CoinSpot lost $2.5M due to a private key compromise.
TheStandard.io got exploited for $290K.
TrustPad was hacked due to a faulty reward mechanism.
Hacks Analysis
Kyber Network | Amount Lost: $54.7M
On November 23rd, the Kyber Network exploit on the Ethereum Mainnet resulted in a $123M loss due to KyberSwap’s liquidity calculation error. KyberSwap utilizes an Elastic model that optimizes liquidity allocation by setting custom price boundaries. The attacker exploited the boundary logic within these pricing ranges to generate a profit. The attacker initiated the exploit by borrowing 2,000 WETH in flash loans from AAVE and subsequently adding liquidity to frxETH and WETH pools. This additional liquidity provided the attacker with the means to adjust the pricing boundaries, allowing for manipulation of the exchange rate. Kyber Network confirmed the exploit and promptly paused the Elastic pools in response.
On November 8th, the CoinSpot exploit on the Ethereum Mainnet resulted in a $2.5M loss due to the compromise of private keys. The attacker drained 1,262 ETH and 21 ETH from two how wallets. The attacker then swapped the stolen funds to BTC and WBTC through THORChain and transferred them to Wan Bridge. The CoinSpot has not officially acknowledged the exploit.
On November 7th, theStandard.io exploit on the Arbitrum chain resulted in a $290K loss. The root cause of the hack was the low PAXG liquidity in the PAX Gold pool. By providing 19 WBTC as collateral into this pool, the attacker gained control over the pool liquidity, enabling manipulation of the exchange pricing. Subsequently, the attacker borrowed an artificially inflated amount of stable Euro coins. The theStandard.io team acknowledged the exploit, disabled transactions on V2 pools, and announced a bounty for the safe return of the funds.
Press enter or click to view image in full size
Exploit Contract (on Arbitrum chain): 0xfEb4DfC8C4Cf7Ed305bb08065D08eC6ee6728429
On November 6th, the TrustPad exploit on the BNB chain resulted in a $155K loss due to a logic vulnerability. The issue was within the receiveUpPool() function in the LaunchpadLockableStaking contract, which failed to verify the msg.sender, allowing arbitrary external calls to manipulate the newlockstartTime variable. This vulnerability enabled the attacker to collect TAPD rewards without waiting for the lock time, resulting in a profit.
Press enter or click to view image in full size
Exploit Contract (on BNB chain): 0x129f4ac88b0446f9b46b176c93531e6cf4687657
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.
In Brief
Remitano suffered a $2.7M loss due to a private key compromise.
GAMBL’s recommendation system was exploited.
DAppSocial lost $530K due to a logic vulnerability.
Rocketswap’s private keys were inadvertently deployed on the server.
Hacks
Hacks Analysis
Huobi | Amount Lost: $8M
On September 24th, the Huobi Global exploit on the Ethereum Mainnet resulted in a $8 million loss due to the compromise of private keys. The attacker executed the attack in a single transaction by sending 4,999 ETH to a malicious contract. The attacker then created a second malicious contract and transferred 1,001 ETH to this new contract. Huobi has since confirmed that they have identified the attacker and has extended an offer of a 5% white hat bounty reward if the funds are returned to the exchange.
