KyberSwap announces potential vulnerability, tells LPs to withdraw ASAP

Only Kyberswap Elastic funds are said to be at risk, with the developer stating that so far, no funds have been lost.

Kyber Network, the developer of the Kyberswap Elastic decentralized crypto exchange, announced on April 17 that there is a potential vulnerability in the exchange’s contracts. It has advised all liquidity providers to remove their funds as soon as possible.

The developer has stated that no funds have been lost. However, it has advised liquidity providers (LPs) to remove their funds as a precaution. Only Kyberswap Elastic funds are at risk. Kyberswap Classic smart contracts do not contain the vulnerability, the team said.

In a separate message, the team stated that farming rewards have been temporarily suspended until a new smart contract can be deployed. All rewards earned prior to 18 April 2023, 11pm (GMT+7) have already been dispersed and are unaffected by this pause.

The developer has stated that it will update the community soon with an explanation as to when funds can be safely deposited back into the protocol.

According to its official documents, KyberSwap Elastic is a decentralized exchange (DEX) that allows LPs to provide “concentrated liquidity.” Instead of requiring them to provide liquidity for any price point, it allows them to decide a price ceiling and price floor for the tokens they deposit into the pool.

Related: Binance identifies KyberSwap hack suspects, involves law enforcement

If the price moves below the floor or above the ceiling, LPs no longer receive fees. However, they receive higher fees if the price stays within the range they have set. This is contrast to the DEXs previous incarnation, KyberSwap Classic, which does not allow for concentrated liquidity.

The user interface for Kyberswap was hacked in September, and an attacker got away with $265,000 worth of crypto as a result of it.