In brief ⚡
Decentralized Exchange Drama: KyberSwap Negotiates with Hacker for 90% Fund Return After $46 Million Heist
Kronos Research Halts Trading Amid $25 Million Hack, Investigates Stolen API Keys
HECO Chain Bridge Compromised: $86.6M in Assets Transferred to Suspicious Addresses, Justin Sun Promises Full Compensation
Hacks and Scams⚠️
KyberSwap
Amount of Loss: ~ $47M
Analysis
KyberSwap, a decentralized exchange, faced a $46 million hack on Nov. 22, involving $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) tokens.
The hacker distributed the stolen funds across various chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
KyberSwap responded by offering a 10% bounty reward to the hacker and initiated negotiations for the return of 90% of the stolen funds by 6 am UTC on Nov. 25.
The hacker left an on-chain message expressing openness to negotiate, stating that discussions would begin after getting some rest.
KyberSwap acknowledged the hacker's skills and proposed a straightforward deal: a 10% bounty for the safe return of all users' funds, emphasizing the need for a swift resolution.
KyberSwap warned of consequences if the hacker failed to respond or return the funds by the specified deadline, suggesting the hacker should "stay on the run," while expressing openness to further discussion via email.
Read the post-mortem report here.
Kronos Research
Amount of Loss: ~ $87M
Analysis
Kronos Research has halted its trading services after a hacker stole $25 million using compromised API keys.
The unauthorized entity accessed the API keys on Nov. 19, prompting the firm to cease trading on the platform.
Blockchain investigator ZachXBT found that the stolen funds were transferred to six different crypto wallet addresses.
The transactions totaled 2,780 Ether and were sent from a Kronos Research account to addresses owned by the hacker.
Despite the security breach, Kronos Research stated that the potential losses represent an insignificant portion of its equity.
The firm is conducting internal investigations to track down the culprit and aims to resume trading as soon as possible.
HECO Bridge
Amount of Loss: ~ $26M
Analysis
The HECO Chain bridge was compromised, leading to the transfer of over $86.6 million in digital assets to suspicious addresses.
Notable assets involved in the exploit include stablecoins, ETH, SHIB, LINK, and more, with withdrawals and deposits being temporarily suspended on the HECO Chain.
Justin Sun, the founder of Tron, announced that HTX (presumably the native token of the HECO Chain) will fully compensate users for any losses resulting from the hack.
PeckShield's initial alert highlighted a significant transaction of 10,145 Ether (ETH) worth around $19 million, followed by transfers of other assets like USD Coin (USDC), Chainlink (LINK), and Shiba Inu (SHIB) to different addresses.
HECO Chain, officially launched on Dec. 21, 2020, aimed to provide a cross-chain experience with lower gas fees, merging Tron and BitTorrent's bridge ecosystem.
This incident marks the second recent exploit involving projects related to Justin Sun, following a $100 million hack on Poloniex, an exchange acquired by Sun in 2018, on Nov. 10. Security analysts suspect compromised private keys in the Poloniex incident.
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Tweets
GitHub Repos
Articles
Web3 Community Spotlight🔦
Note: all the respective links have been embedded in the image.
This week we analyzed one of the recent hacks, the one that happened with KyberSwap.
Check out one of the most complicated hacks, explained in simpler terms, here.
We know smart contracts are lines of code on the blockchain that execute transactions automatically. These contracts are known for
Ethereum stands out among smart contract blockchains, largely due to the substantial impact of Layer 2 solutions on its rise.
Thanks for reading HashingBits! Share a summary of our newsletter on your social media platforms, tag us, and use the #AwareToEarn hashtag, and you could win 10 USDT as a reward! Help us build a safer Web3 ecosystem and have a chance to earn rewards and support our work.