Binance Identifies Suspects Who Stole From KyberSwap Whales

DeFi platform KyberSwap suffered a frontend security breach last week that allowed hackers to steal crypto from two whale wallets

by Shalini Nagarajan /
article-image

Source: Shutterstock

share
  • KyberSwap has offered a 15% bounty to its hackers if the stolen funds are returned
  • Binance previously helped recover funds stolen from Curve Finance and Axie Infinity

Binance may have helped crack last week’s $265,000 hack on decentralized exchange (DEX) platform KyberSwap.

Binance CEO Changpeng Zhao said on Saturday that his exchange’s security team identified two suspects behind the attack, and that their identities have been forwarded to the KyberSwap team. 

On Sept. 1, KyberSwap issued an alert to notify users that a hacker exploited a frontend vulnerability which led to the draining of two whale wallets on Ethereum and Polygon. 

Newsletter

Subscribe to The Breakdown

The team discovered malicious code in its Google Tag Manager (GTM) which led to fraudulent transaction approvals, which allowed a hacker to transfer user funds to their account. The GTM was then disabled, according to a blog.

“The script had been discreetly injected and specifically targeting whale wallets with large amounts,” KyberSwap said.

The DeFi platform, which doubles as both a DEX and a liquidity protocol, offered a 15% bounty (around $40,000) to the hacker if they returned the funds and spoke with the team. Compromised addresses would be fully compensated, the network said.

Loading Tweet..

Around the same time as the KyberSwap incident, privacy-focused startup ShadowFi also suffered a cyberattack leading to around $301,000 in losses. PeckShield identified the hacker as NeorderDAO, a little-known crypto collective whose website is now offline.

Binance has often shown commitment to helping out crypto projects. Last month, the exchange managed to recover a majority of the funds hackers stole from DeFi protocol Curve Finance. It also helped Axie Infinity recover nearly $6 million allegedly stolen by North Korean hacking unit Lazarus Group in April. 

DeFi hacks have been exploding in the past two years, hitting over $1.2 billion in the first quarter of this year alone, according to Immunefi. The Federal Bureau of Investigation recently warned against such exploits, saying cyber criminals are on the lookout to abuse the complexity of cross-chain functionality. 

Kyber’s KNC token has fallen 5% since the hack to $1.65, data from TradingView shows.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (27).png

Research

Solana DEX Winners: All About Order Flow

Solana's spot trading landscape will remain bifurcated: prop AMMs will own the short-tail of highly liquid pairs, while passive AMMs continue drifting toward the long-tail. Both can win via vertical integration, but in opposite directions: passive AMMs are moving closer to users through token issuance platforms (e.g., Pump-PumpSwap, MetaDAO-Futarchy AMM), while prop AMMs are moving down the stack into transaction landing services and infrastructure (e.g., HumidiFi-Nozomi). The venues most at risk are legacy AMMs with limited end-user control and no durable, launch-driven source of order flow.

by Carlos Gonzalez Campo

/

news

article-image

0xResearch NewsletterMarkets

DePIN and crypto gaming led a surprising end-of-year rebound

BTC finished the week up 1.6%, while L2s, RWAs and the treasury trade continued to grind lower

by Kunal Doshi /
article-image

0xResearch NewsletterDeFi

Canton’s $6T RWA rails and Lighter’s Hyperliquid multiple

DTCC moves DTC-custodied Treasuries onchain via Canton, while Lighter’s LIT launches trading at a fees multiple in Hyperliquid territory

by Kunal Doshi&Shaunda Devens /
article-image

The Breakdown

The long wait for crypto’s “coffee pot” moment

In the 90s, rapt audiences worldwide watched a coffee pot — will that fascination ever turn to crypto?

by Byron Gilliam /
article-image

DeFiThe Breakdown

Failure is an option in crypto finance

Some systems improve by failing — and crypto has no choice

by Byron Gilliam /
article-image

0xResearch Newsletter

Yield Basis is making native BTC yield a reality

Yield Basis introduces an IL-free AMM design that already dominates BTC DEX liquidity

by Marc Arjoon /
article-image

The Breakdown

Users are the best investors to have

Maybe tokenholders don’t need the rights that corporate shareholders have come to expect

by Byron Gilliam /

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Blockworks Research

Unlock crypto's most powerful research platform.

Our research packs a punch and gives you actionable takeaways for each topic.

SubscribeGet in touch

Blockworks Inc.

133 W 19th St., New York, NY 10011

Blockworks Network

NewsPodcastsNewslettersEventsRoundtablesAnalytics

Company

AboutAdvertiseCareersTrust & EthicsPrivacyGlossaryContact