Blockchain security firm Cyvers detected a movement of $50 million in HAXcoin (HXA), the native utility token of the Herencia Artifex nonfungible token project, linked to the KyberSwap exploiter.
The KyberSwap exploiter’s address got these tokens from an Ethereum address using the “transfer from function.”
Decentralized application users commonly use the “transfer from” function. It refers to a mechanism by which one party (sender) can transfer or send tokens from the balance of another party (owner) to a third-party address. However, improper use or vulnerabilities in implementing such functions can lead to security concerns.
ALERTOur system has detected an abnormal transaction related to the @KyberNetwork exploiter.
— Cyvers Alerts (@CyversAlerts) December 8, 2023
The address funded by the @KyberNetwork exploiter has received $50M worth of $HXA from the 0x0..000dEaD $ETH address using transferfrom function!
Address: https://t.co/byZyFaorNA.… pic.twitter.com/2SUHuNXqEN
Cyvers says the security breach is related to a potential flaw in the Multicall function, which is part of the thirdweb libraries utilized in the HXA token’s smart contract. It has proposed this idea in its report and encourages interested parties to participate in the investigation to understand the exploit’s scope and consequences comprehensively.
The Cyvers team said that the KyberSwap exploiter’s acquired funds were spread across various externally owned accounts now recognized as the top HXA tokenholders.
Cryptocurrency exchange MEXC has temporarily halted HXA token withdrawals and deposits. However, the halt is not directly tied to security worries about the hack but rather the abnormal on-chain operation of HXA, according to the exchange.
Related: KyberSwap announces treasury grants for hack victims
In yet another twist to the tale, the official website of the HXAcoin, hxacoin.io, is currently inaccessible, leaving investors and stakeholders locked out of official information and updates.
Hackers drained about $46 million in crypto assets from the decentralized KyberSwap exchange last month.
Magazine: Blockchain detectives: Mt. Gox collapse saw birth of Chainalysis