Ambient Exchange founder Doug Colkitt called KyberSwap’s $46 million hack “the most complex and carefully engineered smart contract exploit” and confirmed that what happened was an infinite money glitch.
In a detailed thread on X dated November 23, Colkitt outlined the intricacies of the attack, shedding light on the methods employed by the attacker.
1/ Finished a preliminary deep dive into the Kyber exploit, and think I now have a pretty good understanding of what happened.
This is easily the most complex and carefully engineered smart contract exploit I've ever seen…
— Doug Colkitt (@0xdoug) November 23, 2023
Colkitt explained that the attacker exploited a distinctive implementation of KyberSwap’s concentrated liquidity feature, manipulating the contract to believe it possessed more liquidity than it actually did. Because the attacker followed similar strategies across the other pools, Colkitt focused his explanation on the first attack, which targeted the ETH/wstETH pool.
The process began with a flash loan of 10,000 wstETH, valued at $23 million at the time. Subsequently, 2,800 wstETH (equivalent to $6 million) was swapped into the pool to alter the price from 1.05 ETH to 0.0000152. Unlike typical flash loans, the goal here was not to manipulate an oracle but to move the pool price to an area on the concentrated liquidity curve with zero existing liquidity.
This precise manipulation of Kyber’s concentrated liquidity math created an opportunity for the attacker to exploit the system. The attacker generated 3.4 wstETH of liquidity in a specific price range and then inexplicably burned 0.56 wstETH of liquidity, possibly to align subsequent numerical calculations
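The two conditions described above (a pool price pushed into a range with zero liquidity, and a pool that reports more liquidity than its positions supply) can be monitored from the defender's side. The following is an added example, not KyberSwap's code or Colkitt's analysis: it uses a generic tick-range model of concentrated liquidity, and the `Position` type, the snapshot tuples and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Position:
    tick_lower: int  # inclusive lower bound of the position's price range
    tick_upper: int  # exclusive upper bound
    liquidity: int   # liquidity supplied while the price is inside the range

def expected_active_liquidity(positions, tick):
    """Recompute active liquidity at `tick` from the positions themselves."""
    return sum(p.liquidity for p in positions
               if p.tick_lower <= tick < p.tick_upper)

def empty_ranges(positions, tick_min, tick_max):
    """Return [start, end) tick intervals in [tick_min, tick_max) with no liquidity."""
    inner = {t for p in positions for t in (p.tick_lower, p.tick_upper)
             if tick_min < t < tick_max}
    bounds = sorted(inner | {tick_min, tick_max})
    # Liquidity is constant between adjacent boundaries, so test each start.
    return [(a, b) for a, b in zip(bounds, bounds[1:])
            if expected_active_liquidity(positions, a) == 0]

def audit_snapshots(positions, snapshots):
    """Check (block, current_tick, reported_liquidity) snapshots of a pool.

    Flags a snapshot when the pool's own liquidity counter disagrees with the
    value recomputed from positions, or when the price sits in an empty range.
    Assumes the position set is unchanged across the snapshots.
    """
    findings = []
    for block, tick, reported in snapshots:
        expected = expected_active_liquidity(positions, tick)
        if reported != expected:
            findings.append((block, "liquidity_mismatch", reported - expected))
        elif expected == 0:
            findings.append((block, "price_in_empty_range", 0))
    return findings

# Constructed sample data: three positions and three pool snapshots.
SAMPLE_POSITIONS = [Position(-100, 100, 500), Position(0, 200, 300),
                    Position(1000, 1100, 50)]
SAMPLE_SNAPSHOTS = [(1, 50, 800), (2, 500, 0), (3, 1050, 350)]

if __name__ == "__main__":
    print(empty_ranges(SAMPLE_POSITIONS, -200, 1200))
    for finding in audit_snapshots(SAMPLE_POSITIONS, SAMPLE_SNAPSHOTS):
        print(finding)
```

A positive excess in a `liquidity_mismatch` finding means the pool is pricing swaps against liquidity that no position backs.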