Back to all stories
Blogs
Incident Analysis
BGP Hijacking: The $1.9M KLAYswap Attack Through Manipulated Network Flow
1/8/2024
BGP Hijacking: The $1.9M KLAYswap Attack Through Manipulated Network Flow

Project name: KLAYswap

Project type: Exchange

Date of exploit: Feb 3, 2022

Asset loss: Around $1.9M

Vulnerability: BGP Hijack

Date of audit report publishing: Nov 25, 2020

Conclusion: Out of Audit Scope

Details of the Exploit

Background

KLAYswap is a Defi project, providing token swapping and liquidity mining.

Nature of the Vulnerability

  • It has been reported that KLAYswap was attacked by a BGP hijack. In this type of attack, the attackers manipulated the network flow and configured it in such a way that the users who were connected to KLAYswap could download malicious code from the server sent by the attacker instead of the normal Software Development Kit file or KakaoTalk. KakaoTalk is a popular South Korean instant messaging, marketing, and customer service application used by the cryptocurrency exchange platform.
  • A BGP (Border Gateway Protocol) hijack is when an entity falsely claims to have the best route for Internet traffic to certain IP addresses. This can happen due to accidental misconfigurations or malicious intent. The consequences include misrouted internet traffic, potential for man-in-the-middle attacks, and possible internet downtime.

CertiK Audit Overview

N/A

Conclusion

On Feb 3, 2022, KLAYswap was attacked, leading to a loss of $1.9M. The attackers manipulated the network flow and configured it in such a way that the users who were connected to KLAYswap could download malicious code from the server.

The incident resulted from a BGP Hijack, unrelated to the smart contracts of KLAYswap.

References

BGP Hijacking: How Hackers Circumvent Internet Routing Security to Tear the Digital Fabric of Trust: https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the

KLAYswap audit reports: ​​https://github.com/KlaySwap/klayswap