The decentralized exchange (DEX) KyberSwap joins the list of DeFi projects to experience a frontend exploit following the Curve Finance exploits from last month. The liquidity protocol on which KyberSwap is based, the Kyber Network, confirmed reports on Friday. It said the attack on its website was immediately discovered and resolved within a few hours. As per the company’s announcement, the hackers were able to compromise the app’s front end through the Google Tag Manager (GTM) script. Google Tag Manager (GTM) Script GTM scripts are frequently used by websites to track user activity and collect data for analytical purposes. The hackers forced users to approve their cash and transmitted them to the hacker’s address by injecting a malicious script through GTM. However, before the update, the hacker shifted four transactions totaling $265,000 worth of Matic Aave interest-bearing USDC (MAUSDC) tokens. Aave is on the Polygon blockchain in addition to Ethereum and a few others. The above token is a USDC stablecoin deposited via Aave’s Polygon integration. Users receive the interest-bearing version as a representation of their deposit each time a token similar to this is deposited on the lending platform. 5/ Could more people be affected? No, we have effectively neutralized the attack and it is safe to use all #KyberSwap functions including #swap aggregator, adding #liquidity, and #farming. However, we urge all users to continue exe...
