Binance Identifies Suspects Who Stole From KyberSwap Whales
Binance may have helped crack last week’s $265,000 hack on decentralized exchange (DEX) platform KyberSwap. Binance CEO Changpeng Zhao said on Saturday that his exchange’s security team identified two suspects behind the attack, and that their identities have been forwarded to the KyberSwap team. On Sept. 1, KyberSwap issued an alert to notify users that a hacker exploited a frontend vulnerability which led to the draining of two whale wallets on Ethereum and Polygon. The team discovered malicious code in its Google Tag Manager (GTM) which led to fraudulent transaction approvals, which allowed a hacker to transfer user funds to their account. The GTM was then disabled, according to a blog. “The script had been discreetly injected and specifically targeting whale wallets with large amounts,” KyberSwap said. The DeFi platform, which doubles as both a DEX and a liquidity protocol, offered a 15% bounty (around $40,000) to the hacker if they returned the funds and spoke with the team. Compromised addresses would be fully compensated, the network said.