$1 830 000 USD





"A South Korean DeFi project." "Discover the potential of your assets, in KLAYswap." "A decentralized crypto asset finance protocol." "Manage your assets, directly from your wallet. Don't let your assets sleep in exchanges, put them to work in your wallet." "Profit gained every second that can be withdrawn at any time. Profits earned, 24 hours a day, 365 days. Never locked." "The future of digital asset management, favored by thousands of users." "KLAYswap is a decentralized autonomous protocol designed to raise the value of KSP, while automatically distributing KSP yields. The growth of KLAYswap and KSP occurs hand-in-hand, for improvement of the ecosystem through providing benefits for its users."


"The AMM (Automated Market Maker) protocol we are launching is a decisive DEX protocol that has now brought the Decentralized Finance (DeFi) market to the general public. Simply put, AMM is a protocol that supports immediate swapping between tokens by replacing the existing buy/sell orderbook structure with liquidity pools created on-chain by liquidity providers."


"In KLAYswap, a complete on-chain instant swap protocol, traders can not only experience immediate transactions via liquidity pools, but also develop services by deciding the policy and direction of KLAYswap with the KSP governance token. In addition, users can receive various forms of compensation, including transaction fee revenue, for contributing to the growth of the protocol. Various people can participate in the KLAYswap ecosystem, including long-term investors who want to hold cryptocurrency for a long time, investors who want to earn income through commission fees, and miners who want to participate in KLAYswap governance through KSP mining."


"BGP is a gateway protocol that enables the internet to exchange routing information between autonomous systems. As networks interact with each other, they need a way to communicate. This is accomplished through peering, which BGP makes possible. Without it, networks would not be able to send and receive information with each other," Fortinet researchers say.


"Ozys, the entity who is in charge of developing KLAYswap, values product security as the utmost priority along with securing faith from users. Since KLAYswap is a representative decentralized financial protocol in the Klaytn ecosystem, we have been devoting all our efforts and resources for the purpose of strengthening security through regular audits and protection measures."


"KLAYswap is having a security audit conducted by Certik, a globally renowned security audit agency. The KLAYswap protocol is comprised of and operates through a variety of smart contracts. A single, small vulnerability within a smart contract can lead to devastating accidents related to service availability and security. KLAYswap puts the safety of its users' transactions first, and is in the process of getting a security certification with Certik to assure safe protection against any possible security incidents in the near future."


"However, [on February 3rd], a malicious external attack has occurred due to the infection of SDK files from external sites; this did not originate from KLAYswap’s own front-end source code and smart contract security issues. We sincerely apologize for the trouble, and ask for a deep understanding from KLAYswap users."


"The hacker modified the third-party JavaScript link on the front end of KLAYswap, causing the user to download malicious malware when accessing the KLAYswap page. This enabled funds to be transferred to the hacker's wallet address when conducting token-related transactions."


"As explained in the previous post (Incident Report), the cause of this accident is that the Kakao SDK file was being connected to a third-party server built by the attacker, which was not a normal server, and was changed to malicious code files due to an attack on the external network. This means this didn’t originate from KLAYswap’s own front-end source code and smart contract security issues, and it was a case that KLAYswap is difficult to control."


"Based on the old version of the KLAYswap code (around January 4th), the attacker changed all transaction requests from users directly to their contracts, and changed the Kakao SDK script loaded on the KLAYswap site and created malicious code in the purpose of disrupting the operation of the existing KLAYswap code."


"The attack on KLAYswap was a BGP hijack, in which attackers manipulated the network flow and configured it so that the users connected to KLAYswap could download malicious code from the server sent by the attacker rather than the normal Software Development Kit file or KakaoTalk, a popular South Korean instant messaging, marketing and customer service application used by the cryptocurrency exchange platform."


"After analyzing this attack, the S2W TALON team observed that the BGP hijacking technique was used for the aforementioned external network attack. By manipulating the network flow through BGP Hijacking, the attacker configured users connected to KLAYswap to download malicious code from the attacker’s server rather than the normal SDK file."


"Dr. Xinxin Fan, IoTeX co-founder and head of blockchain, described how these dedicated, crafted attacks leverage the BGP hijack to inject malicious code into a user's browser and then steal the victim's funds. Fan, a cryptographer and a cybersecurity expert who has worked for Facebook and Google, tells Information Security Media Group: 'Such an attack highlights that security is a multilayer issue and cryptocurrency platforms should apply the defense-in-depth approach to protect their customers' assets.'"


"Based on the old version of the KLAYswap code (around January 4th), the attacker created malicious code to change all transaction requests of users in purpose of transferring or approving users’ token to the attacker’s contract. And even if a KLAYswap user normally requests, the function of the KLAYswap has been changed to prevent the operation of the existing clay KLAYcode and allow the attacker’s own malicious code file to be downloaded, not the normal SDK produced by Kakao. If a transaction occurs with the contaminated logic, it was designed so that the user’s asset was either approved or sent directly to the attacker’s address."


"Since the Kakao SDK file download path is connected with the HTTPS protocol, even if a BGP hijacking attack is performed, a response cannot be given because the certificate does not match. For this purpose, just before the attack, the attacker issued and registered a free temporary 3-month certificate for the developers[.]kakao.com domain through SSL certificate issuer called ZeroSSL. Because the routing policy was already manipulated by the BGP Hijacking, the attacker was able to register the certificate."


"From the attack target’s point of view, since the flow of the network is unilaterally changed without any issue between the server and the service, it encounters a situation in which no traffic is generated without a clear cause. The scope of this attack goes beyond the response range of general companies that cannot intervene in AS operations."
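The passages above describe traffic for a prefix being drawn to the attacker's network through a BGP announcement. The standard control on the operator side is Route Origin Validation against RPKI ROAs (RFC 6811 semantics), which a route monitor can also apply to collector data to flag an announcement whose origin AS was never authorised. The block below is an added example written for this page, not code from the original page or from KLAYswap, Ozys or Kakao; every prefix, ASN and ROA in it is constructed for illustration and says nothing about the networks actually involved in the incident.

```javascript
// Added example, not code from the original page or from KLAYswap/Ozys:
// RPKI-style route origin validation (RFC 6811 semantics). All prefixes,
// ASNs and ROAs below are constructed and do not describe any real network.

// Netmask for a prefix length as an unsigned 32-bit value. JavaScript shift
// counts are taken mod 32, so the /0 case is handled explicitly.
function maskFor(len) {
  return len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
}

// Parse "a.b.c.d/len" into a 32-bit unsigned network address and length.
function parsePrefix(cidr) {
  const [addr, lenStr] = cidr.split("/");
  const octets = (addr || "").split(".").map(Number);
  if (octets.length !== 4 || octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) {
    throw new Error(`bad address in ${cidr}`);
  }
  const len = Number(lenStr);
  if (!Number.isInteger(len) || len < 0 || len > 32) throw new Error(`bad length in ${cidr}`);
  const ip = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  return { net: (ip & maskFor(len)) >>> 0, len };
}

// True if the announced prefix is equal to or more specific than the ROA prefix.
function covers(roaPrefix, routePrefix) {
  if (routePrefix.len < roaPrefix.len) return false;
  return ((routePrefix.net & maskFor(roaPrefix.len)) >>> 0) === roaPrefix.net;
}

// "valid": a covering ROA names this origin AS and the announced length is
// within its maxLength; "invalid": ROAs cover the prefix but none match;
// "unknown": no ROA covers the prefix at all.
function validateOrigin(route, roas) {
  const rp = parsePrefix(route.prefix);
  let covered = false;
  for (const roa of roas) {
    if (!covers(parsePrefix(roa.prefix), rp)) continue;
    covered = true;
    if (roa.asn === route.originAsn && rp.len <= roa.maxLength) return "valid";
  }
  return covered ? "invalid" : "unknown";
}

// Constructed ROAs: AS64500 may announce 203.0.113.0/24 and nothing more
// specific; AS64501 may announce 198.51.100.0/22 down to /24.
const SAMPLE_ROAS = [
  { prefix: "203.0.113.0/24", maxLength: 24, asn: 64500 },
  { prefix: "198.51.100.0/22", maxLength: 24, asn: 64501 },
];

// Constructed observations in the shape a route collector would report.
const SAMPLE_ROUTES = [
  { prefix: "203.0.113.0/24", originAsn: 64500, asPath: [64510, 64500] },
  // A more-specific prefix from an unrelated origin: the shape of an origin
  // hijack, because routers prefer the longest matching prefix.
  { prefix: "203.0.113.0/25", originAsn: 64666, asPath: [64520, 64666] },
  { prefix: "198.51.100.0/23", originAsn: 64501, asPath: [64510, 64501] },
  { prefix: "192.0.2.0/24", originAsn: 64502, asPath: [64510, 64502] },
];

// Return only the observations a monitor should alert on.
function findInvalidRoutes(routes, roas) {
  return routes
    .map((r) => ({ ...r, state: validateOrigin(r, roas) }))
    .filter((r) => r.state === "invalid");
}

function main() {
  for (const r of SAMPLE_ROUTES) {
    console.log(`${r.prefix} origin AS${r.originAsn}: ${validateOrigin(r, SAMPLE_ROAS)}`);
  }
}
if (typeof require !== "undefined" && require.main === module) main();
```

Run with `node` to print one verdict per observation. The "unknown" state is the usual gap in practice: a prefix without any ROA gets no protection, so creating ROAs for every prefix you originate is what turns a hijack of your space from "unknown" into "invalid", which a validating router will then drop.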


"From 82005544 block at 11:31:41 on February 3, 2022 (UTC+9), an initial suspicious transaction was executed in which tokens were sent to a specific wallet when executing token-related functions."


"The attack on both bands lasted a total of three hours until 13:04. For unknown reasons, the attacker stopped the attack on the band, and from 13:28 the routing table started to be updated back to the original routing path before the attack. However, for the other contaminated band, the update to the original routing path was not made until at least 5 pm, and it is estimated that the contamination was maintained which caused abnormal transactions until 18:01."


"Due to this attack, if a KLAYswap user requested a deposit, swap, withdrawal, etc. of assets in the 1.5 hour period beginning from 11:30 on February 3rd, assets were immediately transferred to the attacker. Analysis of the blockchain transactions indicates that while the stolen coins totaled in a value of about 2.2 billion won, the actual attacker stole coins with a value of about 1 billion won." "During this time, 407 suspicious transactions were found in 325 wallets linked to this incident."


"In order to prevent further damage from taking place, the following measures were adopted. Upon identification of the incident, all functions of KLAYswap have been blocked, emergency inspections were conducted, and the operation of Klaytn minter in Orbit Bridge was restricted to prevent the transfer of stolen assets to other exchange platforms." "Along with restrictions on KLAYswap and Orbit Bridge functions, the contaminated Kakao SDK file, which is analyzed to be the main cause of the incident, was removed."


"As a result of a thorough analysis of accidents along with restrictions on KLAYswap and Orbit bridge functions, we confirmed that malicious code files, not normal SDKs produced by Kakao, were downloaded despite the request of Kakao SDK through an ordinary route according to the guidelines from Kakao, and we have removed Kakao SDK loading from KLAYswap. In addition, we immediately identified KLAYswap user wallet addresses and asset lists that have been approved for smart contracts used by hackers, and completed additional development to unauthorize the asset lists that have been approved for the problematic contracts through the normalization of KLAYswap."


"We firstly apologize for the wait." "The website has gotten back to normal, and the protocol is safe."


"[KlaySwap] stated it was hacked and lost over 2.2 billion won, or about $1.83 million, in the incident." "Currently, the estimated damage is about 2.2 billion (KRW)." "The amount of damage of 2.2 billion won announced by KLAYswap is estimated to be the sum of the amounts transferred from each coin and token. When all these amounts are added together, it is $1,910,172.95, which is equivalent to about 2.28 billion won at the exchange rate of February 10, 2022."


"The total value of the tokens the attacker tried to swap is $1,396,861.24, and excluding the transactions rejected by Orbit, amounts to a value of $900,137.85. There is a difference of about 600 million won between the calculated actual value and Klaytn’s announcement, and it is estimated that it is because the amount of the Klay coin swapped with other tokens was added as a duplicate."


"After the attack occurred, the attacker did not perform the transfer of funds until 12:42:14 on February 3, 2022, and first swapped part of the stolen funds through the KLAYswap at 12:42:17 on February 3, 2022." "Afterwards, the attacker additionally swapped to KLAY-based tokens (KETH, KUSDT, KXRP, etc.), and finally confirmed that it was transferred to the FixedFloat* cryptocurrency exchange into coins such as Tether, Dai Stablecoin, and USD coin. It was impossible to confirm which swap occurred afterwards at the exchange."


"Users who accessed and continued to use KLAYswap before the time of the incident may still be exposed to the danger of exploitation of assets since unintended transactions can repeatedly occur as the malicious contract code remains. Since this issue cannot be handled by KLAYswap, the users must immediately delete the cache of their internet browser manually."


"To prevent further unexpected incidents, we strongly recommend that users who created a transaction within KLAYswap at the time of the incident replace the wallet with a new one. Please note that you should transfer a small amount first when you change the wallet. After securing the safety of transfer, transfer the remaining amount."


"Roger Grimes, data-driven defense evangelist at KnowBe4, says if a BGP exploit can be used to intercept critical data, it means the upper-layer protocols and applications are not configured correctly and suggests it's not hard to defeat BGP attacks."


"Grimes says that if integrity checks and encryption are implemented at the upper layers originating at the involved endpoints, the BGP intercept at most will cause temporary service interruption but won’t be able to eavesdrop on the involved data."


"It is a failure at the upper layers and the people who manage them that allows these types of attacks to happen. The owners of the BGP routers didn't implement any of the recommended offsets and the owners and managers of the upper-layer protocols and services also didn't implement recommended mitigations. It's a failure at both lower and upper levels," Grimes says.


"Grimes says it is unfortunate that more service implementers aren't paying attention and doing something about such attacks, since they have known about BGP hijack attacks for decades and mitigations for them exist."


"The second and most dangerous element of the attack was its neutralization of the Internet’s encryption defenses. While there is a moderate level of complexity associated with BGP hijacks, they do happen relatively often (some of the most egregious examples involve China Telecom routing about 15 percent of Internet traffic through its network for 18 minutes and Pakistan Telecom accidentally taking down YouTube in a botched attempt at local censorship)."


"What is unprecedented in this attack (to our knowledge) is the complete bypassing of the cryptographic protections offered by the TLS protocol. TLS is the workhorse of encryption of the World Wide Web and is part of the reason the web is trusted with more and more secure applications like financial services and medical systems. Among other security properties, TLS is designed to protect the confidentiality and integrity of user data. TLS allows a web service and a client (like a user of KLAYswap) to securely exchange data even over a potentially untrusted network (like the adversary’s network in the event of this attack) and also ensure (in theory) they are talking to the legitimate endpoint."


"Yet, ironically, KLAYswap and Kakao were properly using TLS, and it was not a vulnerability in the TLS protocol that was exploited during the attack. Instead, the attack exploited the false trust that TLS places in the routing infrastructure. TLS relies on the Public Key Infrastructure (PKI) to confirm the identity of the web servers. The PKI is tasked with distributing digitally signed certificates that verify the server’s identity (in this case the domain name like developers.kakao.com) and the server’s cryptographic key. If a server presents a valid certificate, even if there is another network in the middle, a client can encrypt data that only the real server can read."


"Using its BGP hijack, the adversary first targeted the PKI and launched a man-in-the-middle attack on the certificate distribution process. Only after it had acquired a valid digital certificate for the target domain did it aim its attack towards real users by serving its malicious JavaScript file over an encrypted connection."


"Certificate Authorities (or CAs, the entities that sign digital certificates in the PKI) have a similar identity problem to the one in TLS connections. CAs are approached by customers with requests to sign certificates. The CA needs to make sure the customer requesting a certificate actually controls the associated domain name. To verify identity (and thus bootstrap trust for the entire TLS ecosystem), CAs perform domain control validation requiring users to prove control of the domain listed in their certificate requests. Since the server might be getting a TLS certificate for the first time, domain control validation is often performed over no-security-attached HTTP."


"But now we are back to square one: the adversary simply needs to perform a BGP hijack to attract the domain control validation traffic from the CA, pretend to be the victim website, and serve the content the CA requested. After receiving a signed certificate for the victim’s domain, the adversary can serve real users over the supposedly “secure” TLS connection. This is indeed what happened in the KLAYswap attack and makes the attack particularly scary for other secure applications across the Internet. The attackers hijacked developers.kakao.com, approached the certificate authority ZeroSSL, requested a certificate for developers.kakao.com, and served this certificate to KLAYswap users that were downloading the JavaScript library over presumably “secure” TLS."
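The certificate step above is the one a domain owner can constrain and watch. CAA records (RFC 8659) tell every CA which issuers the owner has authorised, so a certificate request that lands at an unlisted CA must be refused at issuance time; a Certificate Transparency (CT) monitor then surfaces any certificate that appears for the domain anyway. The block below is an added example written for this page, not code from the original page or from Kakao, KLAYswap or Ozys; the zone data, CA names and CT entries are constructed and do not describe Kakao's real DNS or the actual certificate issued during the incident.

```javascript
// Added example, not code from the original page or from Kakao/KLAYswap:
// CAA policy evaluation (RFC 8659 lookup semantics) applied to constructed
// Certificate Transparency entries to flag certificates the owner's policy
// never permitted. All names and records are constructed.

// Constructed CAA record sets, keyed by exact DNS name.
const CAA_ZONE = {
  "example.com": [
    { tag: "issue", value: "trusted-ca.example" },
    { tag: "issuewild", value: ";" }, // wildcard issuance forbidden outright
    { tag: "iodef", value: "mailto:security@example.com" },
  ],
  "sandbox.example.com": [{ tag: "issue", value: ";" }], // no certificates at all
};

// RFC 8659 lookup: start at the name and climb label by label towards the
// root, stopping at the first name that has a CAA record set.
function lookupCaa(name, zone) {
  const labels = name.replace(/\.$/, "").toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (zone[candidate]) return { at: candidate, records: zone[candidate] };
  }
  return null; // no CAA anywhere in the tree: any CA may issue
}

// Does the CA identified by `caDomain` have permission to issue for `name`?
// `wildcard` selects the issuewild rules, which fall back to issue when absent.
function caaPermits(name, caDomain, zone, { wildcard = false } = {}) {
  const found = lookupCaa(name, zone);
  if (!found) return true;
  let rules = found.records.filter((r) => r.tag === (wildcard ? "issuewild" : "issue"));
  if (wildcard && rules.length === 0) rules = found.records.filter((r) => r.tag === "issue");
  if (rules.length === 0) return true; // only iodef or unrelated tags present
  // Each value is "<ca-domain>[; params]"; an empty ca-domain (";") denies all.
  return rules.some((r) => r.value.split(";")[0].trim().toLowerCase() === caDomain.toLowerCase());
}

// Constructed CT log entries in the shape a monitor would return.
const CT_ENTRIES = [
  { domain: "example.com", issuer: "trusted-ca.example", notBefore: "2022-01-10" },
  { domain: "api.example.com", issuer: "trusted-ca.example", notBefore: "2022-01-20" },
  { domain: "api.example.com", issuer: "other-ca.example", notBefore: "2022-02-03" },
  { domain: "sandbox.example.com", issuer: "trusted-ca.example", notBefore: "2022-02-01" },
  { domain: "*.example.com", issuer: "trusted-ca.example", notBefore: "2022-02-02" },
];

// Every logged certificate whose issuer the owner's CAA policy does not
// permit: the alert a CT monitor should raise, since a CA that skipped or
// mis-resolved the CAA check may still have issued it.
function flagUnexpectedCerts(entries, zone) {
  return entries.filter((e) => {
    const wildcard = e.domain.startsWith("*.");
    const name = wildcard ? e.domain.slice(2) : e.domain;
    return !caaPermits(name, e.issuer, zone, { wildcard });
  });
}

function main() {
  for (const e of flagUnexpectedCerts(CT_ENTRIES, CAA_ZONE)) {
    console.log(`unexpected certificate: ${e.domain} issued by ${e.issuer} (${e.notBefore})`);
  }
}
if (typeof require !== "undefined" && require.main === module) main();
```

CAA is enforced by the CA at issuance and is itself resolved over DNS, so it narrows which CAs may issue rather than making issuance impossible; the CT monitor is the control that does not depend on any party other than the domain owner, which is why both belong together. In a real deployment the entries come from a CT log search rather than a constant, and the issuer field is taken from the certificate's issuer name.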


"We sincerely apologize for what happened yesterday. We will make this right." "KLAYswap is committed to reversing the damages incurred regarding this recent incident." "On February 4, Ozys, a developer of KLAYswap, announced the compensation plan that preemptively recovers the monetary damages caused by this recent incident before identifying the exact problem necessary for the procedure and creating compensation funds based on responsibility."


"The accident period applicable to the compensation is tentatively 82005468 ~ 82028787 Blocks as of the current Klaytn, and compensation will be made to the wallet address that created transactions where the asset was transferred to the attacker’s address within those blocks. The compensation will be given as it is in the exact amount of lost tokens, and the procedure will be announced through an additional notice."


"Compensation for token lost will proceed in the same amount to the wallet address where the abnormal transfer was initiated. Please complete 'Unauthorizing token approval' before submitting your compensation application form." "Before submitting the compensation application, please check your wallet address, TXID, and the name and exact amounts of the tokens through Klaytn’s official explorer ‘Klaytnscope’." "After searching for your wallet address through ‘Klaytnscope,’ please check the TXID depending on the asset type. You can find the TXID on the Internal Transactions page for KLAY and the Token Transfers page for KIP-7."


"With this compensation, we would like to resolve the anxiety and difficulties experienced by those who have suffered damage. After this compensation, we will identify the exact problem related to this accident and establish a plan to prevent a recurrence. Finally, we will continue to build a safer and more reliable Decentralized Finance ecosystem as a responsible blockchain company."

KlaySwap suffered an advanced BGP hijack attack, in which an adversary managed to replace a JavaScript file loaded by the site with a malicious version that turned every transaction into a request to send funds to the attacker. In total, $1.9M was taken over a series of 407 transactions before the malicious code was removed. The KlaySwap team has created a recovery program through which affected users can submit claims, and appears to be engaged in providing a full recovery.

Sources And Further Reading



© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.