KyberSwap exploiter linked to $50 million HXA token movement
Blockchain security company Cybers detected $50 million movement of HAXcoin (HXA), the native utility token of the Herencia Artifex non-fungible token project linked to the KyberSwap attackers.
The KyberSwap attacker’s address used a “transfer from function” to retrieve these tokens from an Ethereum address.
Users of decentralized applications typically use the “Transfer” function. It refers to a mechanism that allows one party (the sender) to transfer or send tokens from the balance of another party (the owner) to a third-party address. However, improper use or poor implementation of these features can lead to security issues.
Alert: Our systems have detected unusual transactions related to: @KyberNetwork exploit
Funding Address @KyberNetwork The exploiter received $50 million worth of money. $HA At 0x0..000dEaD $ETH Use the transferfrom function to specify an address!
Address: https://t.co/byZyFaorNA.… pic.twitter.com/2SUHuNXqEN— Cybers Alerts (@CyversAlerts) December 8, 2023
Cybers said the security breach is related to a potential flaw in the Multicall function, part of a third-party web library used in smart contracts for HXA tokens. We propose this idea in our report and encourage stakeholders to participate in the investigation to gain a comprehensive understanding of the scope and consequences of the exploit.
The CyberSwap attackers said the funds obtained by the KyberSwap attackers were spread across various externally owned accounts that are currently recognized as top HXA token holders.
Cryptocurrency exchange MEXC has temporarily suspended HXA token withdrawals and deposits. However, the outage is not directly related to security concerns about hacking, but rather to HXA’s abnormal on-chain operations, the exchange said.
Related: KyberSwap announced government subsidies for hacking victims.
Another twist in this story is that HXAcoin’s official website, hxacoin.io, is currently inaccessible, preventing investors and stakeholders from seeing official information and updates.
Hackers stole approximately $46 million in cryptocurrency assets from the decentralized KyberSwap exchange last month.
magazine: Blockchain Detective: Mt. Chainalysis is born from the collapse of Gox