Binance Identifies Suspects Who Stole From KyberSwap Whales

DeFi platform KyberSwap suffered a frontend security breach last week that allowed hackers to steal crypto from two whale wallets

article-image

Source: Shutterstock

share

key takeaways

  • KyberSwap has offered a 15% bounty to its hackers if the stolen funds are returned
  • Binance previously helped recover funds stolen from Curve Finance and Axie Infinity

Binance may have helped crack last week’s $265,000 hack on decentralized exchange (DEX) platform KyberSwap.

Binance CEO Changpeng Zhao said on Saturday that his exchange’s security team identified two suspects behind the attack, and that their identities have been forwarded to the KyberSwap team. 

On Sept. 1, KyberSwap issued an alert to notify users that a hacker exploited a frontend vulnerability which led to the draining of two whale wallets on Ethereum and Polygon. 

The team discovered malicious code in its Google Tag Manager (GTM) which led to fraudulent transaction approvals, which allowed a hacker to transfer user funds to their account. The GTM was then disabled, according to a blog.

“The script had been discreetly injected and specifically targeting whale wallets with large amounts,” KyberSwap said.

The DeFi platform, which doubles as both a DEX and a liquidity protocol, offered a 15% bounty (around $40,000) to the hacker if they returned the funds and spoke with the team. Compromised addresses would be fully compensated, the network said.

Loading Tweet..

Around the same time as the KyberSwap incident, privacy-focused startup ShadowFi also suffered a cyberattack leading to around $301,000 in losses. PeckShield identified the hacker as NeorderDAO, a little-known crypto collective whose website is now offline.

Binance has often shown commitment to helping out crypto projects. Last month, the exchange managed to recover a majority of the funds hackers stole from DeFi protocol Curve Finance. It also helped Axie Infinity recover nearly $6 million allegedly stolen by North Korean hacking unit Lazarus Group in April. 

DeFi hacks have been exploding in the past two years, hitting over $1.2 billion in the first quarter of this year alone, according to Immunefi. The Federal Bureau of Investigation recently warned against such exploits, saying cyber criminals are on the lookout to abuse the complexity of cross-chain functionality. 

Kyber’s KNC token has fallen 5% since the hack to $1.65, data from TradingView shows.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates.png

Research

Ethena Labs is leaping from its flagship synthetic dollar, USDe, to a full product suite—USDtb, iUSDe, and the Arbitrum-based Converge Chain—designed to marry crypto-native yields with TradFi-grade compliance. Our analysis shows how expanding into CME, ETF options, and tokenized Treasuries could lift protocol revenue from sub-$500 million in a bear case to several billion dollars if favorable regulation and institutional adoption align.

article-image

The L1’s Interwoven Stack is the most opinionated tech stack yet

article-image

Bitcoin is still rising, 11 years after the documentary film The Rise and Rise of Bitcoin

article-image

Arch Labs CEO told Blockworks that the team plans to launch a native token, but declined to give details

article-image

CEO Mike Silagadze tells Blockworks that the US is “open for business” and why its DeFi bank offering is the first of many

article-image

Doing one thing well and leaving everything else out is often what disruptive technologies do best