KyberSwap Exploited in $46 Million Attack Due to ‘Infinite Money Glitch’ Colkitt explained that the attacker exploited a distinctive implementation of
KyberSwap’s concentrated liquidity feature, manipulating the contract to believe it possessed more liquidity than it actually did. To explain the intricacies of the attack, and with the attacks following similar strategies employed by the attacker across other pools,
Colkitt focused on the first attack, which targeted the
ETH/wstETH pool. The process began with a flash loan of 10,000
wstETH, valued at $23 million at the time. Subsequently, 2,800
wstETH (equivalent to $6 million) was swapped into the pool to alter the price from
1.05 ETH to
0.0000152. Unlike typical flash loans, the goal here was not to manipulate an oracle but to move the pool price to an area on the concentrated liquidity curve with zero
existing liquidity. This precise manipulation of Kyber’s concentrated liquidity math created an opportunity for the attacker to exploit the
system. The attacker generated
3.4 wstETH of liquidity in a specific price range and then inexplicably burned 0.56
wstETH of liquidity, possibly to align subsequent numerical
calculations perfectly.
