Cyvers, a firm specializing in blockchain security, identified a $50 million transaction involving HAXcoin (HXA), the native utility token of the Herencia Artifex nonfungible token project, which was associated with the KyberSwap exploiter.
The tokens were transferred from an Ethereum address to the address of the KyberSwap exploiter via the “transfer from function.” Users of decentralized applications frequently employ the “transfer from” function.
It pertains to a process through which tokens can be transferred or dispatched from the balance of one party (sender) to a third-party address from the balance of another party (owner).
However, implementation flaws or improper use of such functions may give rise to security concerns. The security compromise, according to Cyvers, is attributable to a possible vulnerability in the Multicall function, which is a component of the third-party libraries used in the smart contract for the HXA token.
This concept was suggested in its report, and interested parties are encouraged to participate in the investigation in order to gain a comprehensive understanding of the exploit’s scope and repercussions.
According to the Cyvers team, the KyberSwap exploiter distributed the funds among a number of externally owned accounts that are now known to be the primary holders of HXA tokens. MEXC, a cryptocurrency exchange, has halted HXA token deposits and withdrawals temporarily.
According to the exchange, the suspension is not directly related to security concerns regarding the hack but rather to the atypical on-chain functioning of HXA. Further complicating matters, the official HXAcoin website, hxacoin.io, is presently inaccessible, depriving stakeholders and investors of official updates and information.
Last month, approximately $46 million in crypto assets were compromised on the decentralized KyberSwap exchange by hackers.