Blockchain security firm Cyvers has identified a movement of $50 million in HXA tokens, the native utility token of the Herencia Artifex NFT project, connected to the KyberSwap exploiter. The funds were traced to an Ethereum address utilizing the “transfer from” function, raising concerns about the security of decentralized applications (DApps).
The exploiter’s address acquired the HXA tokens through the “transfer from” mechanism, a common feature used by DApp users. This function allows one party to transfer tokens from the balance of another party to a third-party address. However, vulnerabilities or improper use of such functions can lead to security breaches.
Cyvers suggests that the security breach is related to a potential flaw in the Multicall function, part of the Thirdweb libraries used in the HXA token’s smart contract. The firm has outlined this theory in its report and encourages interested parties to join the investigation to gain a comprehensive understanding of the exploit’s scope and consequences.
The acquired funds by the KyberSwap exploiter have been dispersed across various externally owned accounts (EOAs), now identified as the top HXA token holders. Cryptocurrency exchange MEXC has temporarily suspended HXA token withdrawals and deposits. However, the suspension is not directly linked to security concerns regarding the hack but is attributed to abnormal on-chain operations of HXA, according to the exchange.
In a twist to the narrative, the official website of the HXA coin, hxacoin.io, is currently inaccessible, leaving investors and stakeholders locked out of official information and updates. No explanation for the website’s inaccessibility has been provided at this time.
This incident comes on the heels of a significant hack last month, where hackers drained approximately $46 million in crypto assets from the decentralized KyberSwap exchange. The broader implications of these security issues underscore the importance of thorough investigations and heightened security measures within the crypto space to protect user assets and maintain trust in the decentralized ecosystem.