Kyberswap is a decentralized exchange (DEX) aggregator and liquidity protocol where users can easily trade tokens. It’s built on the Kyber network.
The Kyberswap team discovered a fraudulent act from its frontend which resulted in stolen funds. After investigations, “a malicious code in our Google Tag Manager (GTM)” was found, and deactivated.
Users will be compensated
The team shared in a tweet that the owners of the two wallets that were attacked will be compensated for the loss, and other users were assured that the platform is still fully functional.
“KyberSwap functions including swap aggregator,” said the team, “adding liquidity, and farming,” are all available and can be accessed without difficulties. However, they advise that users, as well as teams of other DeFi projects, be alert.
Furthermore, the team gave directions to users whose accounts have been linked with the “malicious script”, on how to deactivate such links.
In addition to the recovery steps, the team offered 15% of the stolen funds as a bug bounty to the attacker for a refund of the stolen assets. “We know your addresses and interactions,” asserted the team to the attacker, as all major Centralized exchanges have been told about the act.