Blockchain security company Cyvers detected a movement of $50 million in HXA tokens, the native utility token of the Artifex nft Heritage project, pegged to exploiter KyberSwap.
The KyberSwap exploiter address obtained these tokens from an ethereum address using the “transfer from function.”
Users of decentralized applications (DApps) often use the “transfer from” function. It refers to a mechanism by which one party (sender) can transfer or send tokens from the balance of another party (owner) to a third party address. However, improper use or vulnerabilities in the implementation of these functions can lead to security problems.
ALERTOur system has detected an abnormal transaction related to the @KyberNetwork blow.
The direction financed by the @KyberNetwork The exploiter has received 50 million dollars in $HA from 0x0..000dEaD $eth address using the transferfrom! function
ADDRESS: https://t.co/byZyFaorNA.… pic.twitter.com/2SUHuNXqEN– Cyvers Alerts (@CyversAlerts) December 8, 2023
Cyvers says the security breach is related to a potential flaw in the Multicall function, which is part of the Thirdweb libraries used in the HXA token smart contract. He proposed this idea in his report and encourages interested parties to participate in the investigation to comprehensively understand the scope and consequences of the exploit.
The Cyvers team said that the funds acquired by the KyberSwap exploiter were distributed among several externally owned accounts (EOAs), now recognized as the primary holders of HXA tokens.
MEXC cryptocurrency exchange temporarily has arrested HXA token withdrawals and deposits. However, the outage is not directly related to security concerns about the hack, but rather to abnormal functioning on the HXA chain, according to the exchange.
Related: KyberSwap announces treasury grants for hacking victims
In another twist to the story, the official HXA coin website, hxacoin.io, is currently inaccessible, leaving investors and interested parties without access to official information and updates. There is no explanation for the w
Hackers drained around $46 million worth of crypto assets from decentralized exchange KyberSwap last month.
Magazine: Blockchain Detectives: The Mt. Gox Collapse Birthed Chainalysis
