On November 21, 2023, the decentralized exchange aggregator KyberSwap fell victim to one of the most technically sophisticated exploits of the year, resulting in the loss of approximately $56 million across multiple blockchain networks. The attack targeted KyberSwap Elastic, the platform’s concentrated liquidity protocol, and exposed a critical vulnerability in the tick-based swap mechanism that had gone undetected despite prior code audits.
The Exploit Mechanics
The root cause of the KyberSwap Elastic exploit lay in a subtle discrepancy between the cross-tick estimation and the final price calculation within the swap mechanism. KyberSwap Elastic used concentrated liquidity, similar to Uniswap v3, where liquidity levels vary at different price points defined by “ticks.” The vulnerability emerged when swaps crossed tick boundaries — the system failed to properly recalculate liquidity after crossing a tick, a flaw exacerbated by a rounding error in the math.
The primary exploiter began by manipulating the pool price outside of the current liquidity zone, establishing a clean initial state. From there, the attacker executed a carefully sequenced series of swaps that exploited the double-counting of liquidity across tick boundaries. By precisely timing the cross-tick operations, the exploiter could withdraw significantly more tokens than the actual liquidity should have allowed.
The attack was not a simple reentrancy exploit or a flash loan manipulation. Instead, it required deep understanding of the concentrated liquidity math and the specific implementation quirks of KyberSwap’s Elastic protocol. The sophistication of the attack suggested a highly skilled attacker — later identified as Andean Medjedovic, a mathematician — who spent weeks studying the code to identify the rounding discrepancy.
Affected Systems
The exploit impacted KyberSwap Elastic liquidity pools across multiple blockchain networks, including Ethereum, Polygon, Arbitrum, Optimism, Avalanche, and Base. In total, 2,367 unique liquidity providers were affected. The stolen assets included a mix of USDC, WETH, WBTC, and other tokens, with an estimated total value of $56.2 million at the time of the exploit.
Of the total losses, approximately $48.7 million was taken by the primary exploiter, while $6.6 million was extracted by front-running bots that detected the unusual on-chain activity and mimicked the attack pattern. KyberSwap’s team was later able to recover approximately $5.7 million from these front-running bots through on-chain negotiations and recovery efforts.
The attack also left approximately $706,000 in locked affected assets — funds that became temporarily inaccessible due to the exploited pool states. KyberSwap subsequently initiated a Treasury Grant Plan to compensate affected liquidity providers for their losses.
The Mitigation Strategy
Upon detecting the exploit, KyberSwap immediately suspended liquidity additions to all affected pools and extended the suspension to all KyberSwap Elastic liquidity pools as a precautionary measure. User alerts were issued across all communication channels, and the team began extensive recovery efforts.
The KyberSwap team published a detailed post-mortem on their official blog, outlining the technical vulnerability and the attack dynamics. They engaged with blockchain security firms and on-chain investigators to trace the stolen funds. The primary exploiter initially communicated with the KyberSwap team through on-chain messages, but negotiations proved fruitless.
In the aftermath, KyberSwap introduced the Treasury Grant Plan, committing platform treasury funds to partially reimburse affected users. The protocol also implemented comprehensive fixes to the tick-based swap mechanism, adding additional checks for consistency between cross-tick estimation and final price calculations.
Lessons Learned
The KyberSwap exploit underscores a critical reality in DeFi: even protocols that have undergone professional code audits can harbor subtle vulnerabilities. The rounding error at the heart of this exploit was not caught by prior audit efforts, highlighting the limitations of current smart contract auditing practices.
Several key lessons emerge from this incident. First, concentrated liquidity protocols require exceptionally rigorous mathematical verification, particularly around edge cases involving tick boundary crossings. Second, the speed at which front-running bots replicated the attack demonstrates that any publicly visible exploit will be rapidly copied — making rapid response protocols essential. Third, the Treasury Grant Plan model offers a template for how DeFi protocols can take responsibility for user losses, even when they are technically the result of exploits rather than protocol mismanagement.
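The first lesson, and the consistency check between cross-tick estimation and final price calculation described under the mitigation strategy, can be expressed as an executable invariant. The sketch below is an added example, not KyberSwap's code: it is a toy fixed-point model whose scale `Q`, function names and rounding choices are all assumptions. It generalizes beyond the incident by searching boundary-adjacent inputs for any step that decides not to cross a tick while the computed price still lands on the boundary.

```python
# Toy fixed-point model of one swap step toward a tick boundary (all names assumed).
Q = 1 << 8  # fixed-point scale, kept small so the search below stays fast


def div(num, den, round_up):
    """Integer division with an explicit rounding direction."""
    return -(-num // den) if round_up else num // den


def reach_amount(liq, cur, target, round_up):
    """Estimate: input needed to move the price from cur to the boundary."""
    return div(liq * (target - cur), Q, round_up)


def final_price(liq, cur, amount, round_up):
    """Price after spending `amount` inside the current range."""
    return cur + div(amount * Q, liq, round_up)


def swap_step(liq, cur, target, amount, est_up, price_up, guard=False):
    """Return (next_price, crossed). With guard=True, enforce the invariant."""
    if amount >= reach_amount(liq, cur, target, est_up):
        return target, True  # boundary reached: caller must update liquidity
    nxt = final_price(liq, cur, amount, price_up)
    if guard and nxt >= target:
        raise ValueError("price reached the tick boundary without a cross")
    return nxt, False


def find_violations(est_up, price_up, cur=1000):
    """Search amounts just under the estimate for uncrossed boundary hits."""
    bad = []
    for liq in range(1, 1500):
        for delta in range(1, 40):
            target = cur + delta
            need = reach_amount(liq, cur, target, est_up)
            for amount in range(max(0, need - 3), need):
                nxt, crossed = swap_step(liq, cur, target, amount, est_up, price_up)
                if not crossed and nxt >= target:
                    bad.append((liq, delta, amount, nxt))
    return bad


if __name__ == "__main__":
    print("estimate up / price down:", len(find_violations(True, False)))
    print("estimate down / price up:", len(find_violations(False, True)))
```

Each routine is correct on its own under either rounding direction; only the pairing of estimate and final price decides whether the invariant holds, which is why the check has to be run on the composed step.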
For liquidity providers, the incident serves as a reminder that providing liquidity in concentrated liquidity protocols carries unique risks that differ from traditional AMM models. The ability to set custom price ranges introduces additional attack surfaces that must be carefully evaluated.
User Action Required
If you were a KyberSwap Elastic liquidity provider affected by this exploit, you should check the official KyberSwap blog and communication channels for updates on the Treasury Grant Plan. Ensure that you have revoked any outstanding token approvals to KyberSwap Elastic contracts. Consider diversifying your liquidity provision across multiple protocols to reduce exposure to single-point failures, and always verify that the protocols you use have undergone multiple independent security audits from reputable firms.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.
a rounding error drained 56 million. entire bridges have been lost to less sophisticated attacks.
the sophistication was in the multi-step manipulation before the rounding even mattered. attacker set up the pool state perfectly
exactly. the rounding was the cherry on top. the real exploit was the state manipulation that made the rounding exploitable in the first place
The fact that multiple audits missed the tick boundary recalculation bug is terrifying. What exactly are we paying auditors for?
audits are snapshots, not guarantees. but you’d think basic math edge cases would be in scope for any concentrated liquidity review
audits check for known patterns. tick boundary rounding in concentrated liquidity is genuinely novel math. uniswap v3 had similar close calls. the real failure was no economic security review
exactly. you can audit every function in isolation and they pass. the bug only surfaces when you chain specific swaps across ticks in a particular order
auditors test against known vulnerability patterns. a novel rounding edge case at tick boundaries is exactly the kind of thing that slips through
Lisa Chen it's not that auditors are useless, it's that concentrated liquidity math is genuinely novel research. no audit framework exists for economic invariant testing across tick boundaries
to be fair, concentrated liquidity tick math is genuinely hard. uniswap v3 had similar edge cases found after launch
uniswap v3 had similar tick edge cases but never got exploited at this scale. kyber copied the math without the same scrutiny
the attacker manipulated pool state across 7 chains before the final rounding exploit. people focus on the math bug but the operational setup was the real sophistication
56M across multiple chains in one tx sequence. the cross-chain liquidity fragmentation made recovery impossible
the attacker manipulated pool state across 7 chains simultaneously. coordinating that much gas spend takes serious planning
tick_boundary_ 7 chains simultaneously means the attacker had flashloan infrastructure ready on each one. that's not a solo hacker that's organized infra