{"id":35318,"date":"2022-09-06T13:13:43","date_gmt":"2022-09-06T17:13:43","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=35318"},"modified":"2022-09-06T13:13:47","modified_gmt":"2022-09-06T17:13:47","slug":"kyber-compensates-affected-wallet-as-it-curbs-attack","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/kyber-compensates-affected-wallet-as-it-curbs-attack\/","title":{"rendered":"Kyber Compensates Affected Wallet As it Curbs Attack"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\" id=\"h-kyber-network-said-as-a-bug-bounty-we-ll-give-you-15-of-the-money-if-you-bring-it-back-and-talk-to-our-team-one-kyber-wallet-had-265-000-stolen-from-it-on-september-1\">Kyber Network said, &#8220;As a <a href=\"https:\/\/www.google.com\/search?q=bug+bounty&sourceid=chrome&ie=UTF-8\" target=\"_blank\" rel=\"noreferrer noopener\">bug bounty<\/a>, we'll give you 15% of the money if you bring it back and talk to our team.&#8221; One Kyber wallet had $265,000 stolen from it on September 1.<\/h5>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32-1024x531.png\" alt=\"Kyber Compensates Affected Wallet As it Curbs Attack \" class=\"wp-image-35320\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32-1024x531.png 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32-300x155.png 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32-768x398.png 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32-150x78.png 150w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32-750x389.png 750w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32.png 1073w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Kyber Compensates Affected Wallet As it Curbs Attack <\/figcaption><\/figure>\n\n\n\n<p>Kyber Network, a multichain decentralized finance (DeFi) platform, said it took away the attack vector that was used in an exploit on Sept. 1 that led to the theft of $265,000.<br>Two wallets were affected by the attack, and Kyber said in an update Tuesday that one of the wallets has been fully reimbursed for the money it lost.<\/p>\n\n\n\n<p>&#8220;The other wallet gave permissions to the <a href=\"https:\/\/coinscreed.com\/staging\/decentralized-autonomous-organization-dao-explained.html\" target=\"_blank\" rel=\"noreferrer noopener\">malicious script<\/a> and was able to take back those permissions before losing any money,&#8221; Kyber said.<\/p>\n\n\n\n<p>After the attack, Kyber said that the threat had been &#8220;neutralized&#8221; in two hours.<\/p>\n\n\n\n<p>The attack took advantage of a weakness in the code of Kyber's website. In this way, it was different from other<a href=\"https:\/\/coinscreed.com\/staging\/1-3-billion-in-crypto-reportedly-stolen-in-q1-2022-with-97-from-defi-exploits.html\" target=\"_blank\" rel=\"noreferrer noopener\"> DeFi attacks<\/a>, which usually target blockchain contracts. Even though the loss was not too big, the attack showed how DeFi platforms can be used by bad people in many different ways.<\/p>\n\n\n\n<p>The Google Tag Manager (GTM) script let the thieves get into the app's front end, the company said in a statement.<\/p>\n\n\n\n<p>Websites often use GTM scripts to keep track of user activity and data so they can analyze it.<\/p>\n\n\n\n<p>Using a malicious script injected through GTM, hackers forced users to approve their funds and send them to the hackers' address.<\/p>\n\n\n\n<p>&#8220;This is the first time in five years that we've been hacked, which is sad, but our team handled it very well,&#8221; tweeted Kyber's co-founder Loi Luu. &#8220;Within a few hours of finding out about the hack, we found the bad code (which was loaded on the fly by a trusted third-party js library) and took it out.&#8221;<\/p>\n\n\n\n<p>Before the fix, the<a href=\"https:\/\/coinscreed.com\/staging\/hackers-attempt-to-sell-alleged-stolen-passport-of-belarus-leader.html\" target=\"_blank\" rel=\"noreferrer noopener\"> hacker<\/a> could move $265,000 worth of Aave Matic USDC (AMUSDC) tokens that paid interest in four separate transactions.<\/p>\n\n\n\n<p>Aave is available on Ethereum and a number of other blockchains, such as Polygon. The above token is a <a href=\"https:\/\/coinscreed.com\/staging\/bybit-circle-partner-to-expand-spot-usdc-trading-pairs.html\" target=\"_blank\" rel=\"noreferrer noopener\">USDC<\/a> stablecoin that has been deposited through Aave's Polygon integration. When a token like this is put on the lending platform, the person who put it there gets the version that earns interest.<\/p>\n\n\n\n<p>In Friday's hack, the hackers stole this version, which paid interest.<\/p>\n\n\n\n<p>The KyberSwap platform is a decentralized exchange where users can trade between currencies on different blockchains.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kyber Network said, &#8220;As a bug bounty, we&#8217;ll give you 15% of the money if you bring it back and talk to our team.&#8221; One Kyber wallet had $265,000 stolen from it on September 1. Kyber Network, a multichain decentralized finance (DeFi) platform, said it took away the attack vector that was used in an [&hellip;]<\/p>\n","protected":false},"author":39,"featured_media":35320,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[1513,7907,366],"class_list":["post-35318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cyber-attacks","tag-kyberswap","tag-scam"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/image-32.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/35318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=35318"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/35318\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/35320"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=35318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=35318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=35318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}