Doug Colkitt, founder of Ambient Exchange, has revealed that the thief who stole $46 million from KyberSwap used a sophisticated smart contract exploit known as an "infinite money glitch." The attacker exploited KyberSwap's concentrated liquidity feature, tricking the contract into thinking it had more liquidity than it actually did. This exploit is unique to Kyber's implementation of concentrated liquidity and is unlikely to work on other decentralized exchanges. Despite the presence of a failsafe mechanism, the attacker was able to execute a carefully engineered smart contract exploit by setting the swap quantity just below the upper bound for reaching the tick boundary. The attacker has expressed a willingness to negotiate the return of some of the stolen funds.

Cyvers Alerts stated on X platform that they have contacted the team for negotiations regarding the hacker targeting KyberSwap after a break.

BlockSec stated on social media that KyberSwap was attacked due to price manipulation and double liquidity counting. The attacker borrowed a flash loan and depleted the lower liquidity pool. By executing swaps and changing positions, they manipulated the current price and price movements of the victim pool. Ultimately, the attacker triggered multiple exchange steps and cross-quoting operations, resulting in double liquidity counting and depleting the liquidity pool.

Scroll, a second layer network on Ethereum based on ZK Rollup, is investigating potential issues with Kyber deployed on Scroll. It is not yet known what has happened, but it is recommended that everyone exercise extreme caution.

According to Spot On Chain, KyberSwap has been attacked on multiple networks, including Arbitrum, Optimism, Ethereum, Polygon, and Base. The losses amount to $48.3 million, primarily including 16,217 ETH (worth $33.5 million), 3,987,332 ARB (worth $4.06 million), 591,441 OP (worth $1.03 million), and 1,111,926 DAI.

Attacker of KyberSwap left a message on the chain, saying, "Dear Kyberswap developers, employees, DAO members, and LPs, negotiations will begin in a few hours when I am fully rested."

On November 23, Kyber Network officially stated that KyberSwap Elastic users experienced a security incident. As a precaution, it strongly recommends that all users withdraw their funds immediately. The Kyber Network team is investigating this situation seriously and promises to keep users informed through regular updates.

DEX aggregator and liquidity platform KyberSwap has experienced abnormally large withdrawals on multiple chains, suspected to be a victim of an attack, with a total stolen amount of approximately $47 million.