The KyberSwap hacker used a complex “infinite money glitch” to drain $46 million from the protocol, according to a recent analysis by a DeFi industry expert. In other news, the 2022 FTX collapse and Binance’s recent $4.3 billion settlement with the United States government bolster the argument for the provisions of the European Union’s Markets in Crypto-Assets Regulation (MiCA), a European Commission official said in an interview. Meanwhile, U.S. prosecutors aren’t keen on former Binance CEO Changpeng “CZ” Zhao leaving the country and asked a judge to block him.
KyberSwap hacker used “infinite money glitch” to steal funds
A DeFi expert has weighed in on the recent $46 million KyberSwap attack.
Ambient exchange founder Doug Colkitt took to X (formerly Twitter) to explain how the attacker carried out “the most complex and carefully engineered smart contract exploit I’ve ever seen.” Based on Colkitt’s analysis, the attacker exploited the “infinite money glitch” and took advantage of KyberSwap’s unique liquidity implementation. That’s how they tricked the contract into believing it had more liquidity than it actually had, he said.
1/ Finished a preliminary deep dive into the Kyber exploit, and think I now have a pretty good understanding of what happened.
This is easily the most complex and carefully engineered smart contract exploit I’ve ever seen…
— Doug Colkitt (@0xdoug) November 23, 2023
The exploit “is specific to Kyber’s implementation of concentrated liquidity and probably will not work on other DEXs,” Colkitt explained. Based on his analysis, the exploit was carried out in multiple steps, beginning with the attacker borrowing 10,000 wrapped Ether from Aave.
KyberSwap’s total value locked (TVL) plunged by 68% shortly after the attack, reaching a low of around $27 million. TVL was as high as $134 million this year.
FTX collapse, Binance’s U.S. settlement provide strong case for MiCA regulations
The collapse of FTX in 2022 and Binance’s recent $4.3 billion settlement with U.S. authorities provide a strong argument for the provisions of the European Union’s MiCA regulations, a European Commission official said in an interview.
Ivan Keller, policy officer for the European Commission, spoke to Cointelegraph at the MoneyLIVE conference in Amsterdam. News of Binance’s high-profile settlement with the U.S. Department of Justice broke the night before Keller’s keynote and served as a pertinent reflection point for MiCA’s full-scale application in 2024.
“I think we’ve had several unfortunate confirmations that kind of go down that path of robust regulation. FTX was definitely one of the big ones, and now recently with Binance,” Keller explained.
“Our position is that this rule book would mitigate some of the risks and, importantly, give regulators more clear-cut levers and powers supervising these entities so they can also mitigate those risks.”
MiCA entered into force in June 2023, but the application of rules governing “asset-referenced tokens” and “e-money tokens,” which largely fall under the umbrella of stablecoins, is expected to take effect in June 2024.
U.S. wants CZ to stay in country
CZ is a flight risk and shouldn’t be allowed to leave the U.S. for Dubai ahead of his sentencing in February, say U.S. prosecutors.
In a filing to a Seattle federal court, prosecutors asked a judge to review and overturn a decision allowing Zhao to return to the United Arab Emirates (UAE) on a $175 million bond under the condition he comes back to the U.S. two weeks before his sentencing.
If Zhao decided not to come back to the U.S., the government “would not be able to secure his return” due to his favored status in the UAE, the country’s lack of an extradition treaty with the U.S. and his wealth — which is held away from U.S. jurisdiction and vast enough for him to live off indefinitely.
“He has three young children and a partner in the UAE; once in the UAE and faced with the prospect of traveling back to the United States to face up to 18 months in prison, he may elect to instead simply stay in the UAE with his family.”
Zhao recently confessed to failing to maintain an effective Anti-Money Laundering program at Binance, and part of his plea agreement saw him step down as CEO of the exchange and pay a $50 million fine.