Kyber Network Takes Swift Action After $48 Million Breach, Implements Critical Decisions

27 December 2023

Decentralized finance (DeFi) platform Kyber Network has taken significant steps to address the aftermath of a massive security breach in November, with CEO and co-founder Victor Tran at the helm.

Despite the challenges posed by the “Elastic exploit”, KyberSwap’s core business, including the aggregator and limit order functions, remains fully functional, according to the latest statement.

Kyber Network Response To Elastic Exploit

As stated by Tran, Kyber Network is preparing to launch the Zap API, this is expected to enable decentralized applications (dApps), wallets, and other projects to serve as convenient gateways for users to access DeFi liquidity protocols. 

Additionally, Kyber Network has made operational changes, including temporary pauses in liquidity protocol initiatives and the KyberAI project, to “ensure a sustainable future”. Tran further stated:

Regrettably, we have also reduced our workforce by 50%. The past few days have been among the most challenging in my journey as an entrepreneur. The decision to part ways with so many of our team members was heart-wrenching. Each individual is not only highly skilled but also deeply committed to advancing DeFi and bringing tangible value to end-users. 

Tran also stated that Kyber Network’s response to the Elastic exploit includes the implementation of the KyberSwap Elastic Exploit Treasury Grant Program, aimed at covering up to 100% of users’ losses

To provide clarity on the situation, Kyber Network has categorized the affected assets and outlined the consequences for each category. 

Treasury Grants For Victims 

According to the network’s blog post, Category 1 comprises affected assets taken from affected pools by the primary exploit, which commenced on November 22, 2023. 

This category includes liquidity positions and liquidity provider (LP) fees, with a market value of $48,883,930.66. Notably, the network has stated that these assets have yet to be recovered.

Category 2 consists of affected assets taken from affected pools by subsequent activity, referred to as Category 2 Mimicking Bots (MBA). 

These assets, totaling US$172,148.52, were obtained by two mimicking bots that replicated the actions of the primary exploit. Similar to Category 1, these assets have yet to be recovered.

Category 3 includes affected assets that were removed from affected pools by subsequent activity, collectively referred to as Category 3 Mimicking Bots (MBA), along with assets referred to as Category 3 swapped affected assets. 

While a portion of the affected assets were partially recovered, a portion of the assets were swapped into Category 3 Swapped affected assets. The market value of the Category 3 Affected Assets is $6,405,483.43, based on the last block before the Category 3 MBA.

Assets falling under Category 4 are currently locked in affected pools due to an “incorrect pool state” resulting from the primary exploit and MBA. The total value of these assets is $24,478.93. 

This amount comprises different segments: $9,390.51 attributable to the primary exploit, $15,036.04 attributable to the Category 2 MBA, and $52.38 attributable to the Category 3 MBA.

Lastly, Category 5 represents affected assets that were previously locked in affected pools due to an incorrect pool state resulting from the primary exploit. However, these assets have been successfully recovered from the liquidity pools, with a total value of $706,162.85.

At present, the native token of Kyber, KNC, is trading at $0.732, indicating a marginal decline of 0.3% within the past 24 hours. Nevertheless, over the last fourteen days, the token has demonstrated notable growth, with gains surpassing 7%.

Featured image from Shutterstock, chart from TradingView.com

Need help?

Please use the contact form to get support.