Blockchain security firm Cyvers detected a movement worth $50 million linked to a hack attack on KyberSwap involving local service tokens of the NFT project Herencia Artifexc. The Cyvers team shared screenshots detailing the movement.
Notable Post Targeting the Hacker
In a post by the Cyvers team, it was revealed that the KyberSwap hacker obtained the tokens in question using the “transfer from function”, receiving them from an Ethereum address. Typically, decentralized application (DApp) users often employ the “transfer from” function.
This function means that the sender can transfer or send tokens from another party’s balance to a third-party address. However, misuse or security vulnerabilities in implementing such functions can cause security concerns for users.
What Happened After the Attack?
Cyvers explained that the security breach was potentially related to a flaw in the Multicall function, part of the Thirdweb libraries used in the smart contract of the HXA token. In a published report, the team suggested this idea and encouraged relevant parties to participate in the investigation to fully understand the scope and consequences of the exploitation.
The Cyvers team stated that the funds obtained by the KyberSwap hacker have now been distributed to various externally owned accounts (EOAs), recognized as the largest HXA token holders. Cryptocurrency exchange MEXC temporarily halted withdrawal and deposit operations for the HXA token as a precautionary measure. However, according to the exchange, this suspension is due not to direct security concerns related to the hack attack, but to abnormal on-chain operation of HXA.
Currently, access to hxacoin io, the official website of the HXA token, is unavailable, leaving investors and individual users deprived of official information and updates. The lack of any statement regarding this situation has become another point of discussion. Last month, hackers seized crypto assets worth about $46 million in a hack attack on the decentralized KyberSwap exchange.
