Project name: KLAYswap
Project type: Exchange
Date of exploit: Feb 3, 2022
Asset loss: Around $1.9M
Vulnerability: BGP Hijack
Date of audit report publishing: Nov 25, 2020
Conclusion: Out of Audit Scope
Details of the Exploit
KLAYswap is a DeFi project that provides token swapping and liquidity mining.
Nature of the Vulnerability
- It has been reported that KLAYswap was attacked through a BGP hijack. In this attack, the attackers manipulated the network flow so that users who were connected to KLAYswap could download malicious code sent from the attacker's server instead of the normal Software Development Kit file or KakaoTalk. KakaoTalk is a popular South Korean instant messaging, marketing, and customer service application used by the cryptocurrency exchange platform.
- A BGP (Border Gateway Protocol) hijack is when an entity falsely claims to have the best route for Internet traffic to certain IP addresses. This can happen due to accidental misconfigurations or malicious intent. The consequences include misrouted internet traffic, potential for man-in-the-middle attacks, and possible internet downtime.
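The false origin claim described above is what route origin validation (RFC 6811) is designed to flag. The following is an added example, not part of the original report or of any KLAYswap or CertiK code; the ROAs, prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress

# Constructed ROA set (documentation prefixes and ASNs, not real routing data):
# (prefix, maxLength, authorized origin AS)
ROAS = [
    ("203.0.113.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64497),
]

# Constructed BGP announcements as a route monitor might see them: (prefix, origin AS)
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),    # legitimate origin
    ("203.0.113.0/24", 64511),    # same prefix, unauthorized origin
    ("203.0.113.128/25", 64511),  # more-specific prefix, unauthorized origin
    ("203.0.113.128/25", 64496),  # right origin, but longer than maxLength
    ("2001:db8:1::/48", 64497),   # within maxLength, authorized origin
    ("192.0.2.0/24", 64500),      # no covering ROA
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if it is the same prefix or a less specific one.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 in a ROA means "no origin is authorized", so it never matches.
        if roa_as != 0 and roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but no ROA matched: origin or prefix length is not authorized.
    return "invalid" if covered else "not-found"


def suspicious(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Return the announcements that should raise an alert (state 'invalid')."""
    return [a for a in announcements if validate_origin(*a, roas=roas) == "invalid"]


if __name__ == "__main__":
    for prefix, origin in ANNOUNCEMENTS:
        print(f"{prefix:20} AS{origin:<6} {validate_origin(prefix, origin)}")
```

A "not-found" result means no ROA covers the prefix, so origin validation cannot judge an announcement for address space whose holder has published none.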
CertiK Audit Overview
On Feb 3, 2022, KLAYswap was attacked, leading to a loss of $1.9M. The attackers manipulated the network flow so that users who were connected to KLAYswap could download malicious code from the server.
The incident resulted from a BGP Hijack, unrelated to the smart contracts of KLAYswap.
BGP Hijacking: How Hackers Circumvent Internet Routing Security to Tear the Digital Fabric of Trust: https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the
KLAYswap audit reports: https://github.com/KlaySwap/klayswap