CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Blogs
Incident Analysis
BGP Hijacking: The $1.9M KLAYswap Attack Through Manipulated Network Flow
1/8/2024
BGP Hijacking: The $1.9M KLAYswap Attack Through Manipulated Network Flow

Project name: KLAYswap

Project type: Exchange

Date of exploit: Feb 3, 2022

Asset loss: Around $1.9M

Vulnerability: BGP Hijack

Date of audit report publishing: Nov 25, 2020

Conclusion: Out of Audit Scope

Details of the Exploit

Background

KLAYswap is a Defi project, providing token swapping and liquidity mining.

Nature of the Vulnerability

  • It has been reported that KLAYswap was attacked by a BGP hijack. In this type of attack, the attackers manipulated the network flow and configured it in such a way that the users who were connected to KLAYswap could download malicious code from the server sent by the attacker instead of the normal Software Development Kit file or KakaoTalk. KakaoTalk is a popular South Korean instant messaging, marketing, and customer service application used by the cryptocurrency exchange platform.
  • A BGP (Border Gateway Protocol) hijack is when an entity falsely claims to have the best route for Internet traffic to certain IP addresses. This can happen due to accidental misconfigurations or malicious intent. The consequences include misrouted internet traffic, potential for man-in-the-middle attacks, and possible internet downtime.

CertiK Audit Overview

N/A

Conclusion

On Feb 3, 2022, KLAYswap was attacked, leading to a loss of $1.9M. The attackers manipulated the network flow and configured it in such a way that the users who were connected to KLAYswap could download malicious code from the server.

The incident resulted from a BGP Hijack, unrelated to the smart contracts of KLAYswap.

References

BGP Hijacking: How Hackers Circumvent Internet Routing Security to Tear the Digital Fabric of Trust: https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the

KLAYswap audit reports: ​​https://github.com/KlaySwap/klayswap

Related Stories
Prisma Finance Incident Analysis
Blogs
Incident Analysis
On 28 March, Prisma Finance was exploited by multiple addresses leading to a loss of approximately $12.3 million. Three attackers took advantage of a vulnerability in the Prisma Finance MigrateTroveZap contract which allowed them to manipulate a migration process. Since the exploit occurred, a wallet that received funds from the main exploiter has reached out to the Prisma Finance deployer declaring that their actions were a white hat rescue.
3/29/2024
Post Mortem: Hector Network
Blogs
Incident Analysis
In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.
1/17/2024
Lending Rate Manipulation: Investigating the FilDA Finance Attack
Blogs
Incident Analysis
On April 22, 2023, FilDA Finance was attacked, leading to a loss of around $700K. The attacker manipulated the exchange rate in the lending pool and drained funds from it.
1/8/2024
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;