Recently, a significant movement of $50 million in HXAcoin (HXA), the native token of the Herencia Artifex NFT project, has been linked to the KyberSwap exploiter. This event has raised concerns about blockchain security and highlighted potential vulnerabilities in decentralized applications.
About the Case
The KyberSwap exploiter acquired the HXA tokens from an Ethereum address using the “transferFrom” function. This function allows one party to move tokens from the balance of another party to a third-party address. However, misuse of such functions, or vulnerabilities in how they are implemented, can lead to security breaches, as seen in this case.
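For monitoring, the pattern described above (one party moving another party's tokens to a third address) can be recognized in transaction calldata. The following is an added example, not code from the article or from any project it names; the addresses, hashes, amounts, threshold and 18-decimal unit are constructed assumptions.

```python
# Added example (not from the article): flag ERC-20 transferFrom calls in which
# the caller moves another account's tokens. All sample values are constructed.
SELECTOR = "23b872dd"  # first 4 bytes of keccak256("transferFrom(address,address,uint256)")
HEX_CHARS = set("0123456789abcdef")

def decode_transfer_from(calldata_hex):
    """Return (owner, recipient, amount), or None if this is not a well-formed call."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    # 4-byte selector plus three 32-byte ABI words, hex characters only
    if len(data) != 8 + 3 * 64 or not data.startswith(SELECTOR) or set(data) - HEX_CHARS:
        return None
    words = [data[8 + 64 * i: 8 + 64 * (i + 1)] for i in range(3)]
    if any(w[:24] != "0" * 24 for w in words[:2]):  # addresses are left-padded with zeros
        return None
    return "0x" + words[0][24:], "0x" + words[1][24:], int(words[2], 16)

def flag_third_party_moves(txs, threshold):
    """Alert when the tx sender is not the token owner and amount >= threshold."""
    alerts = []
    for tx in txs:
        decoded = decode_transfer_from(tx["input"])
        if decoded is None:
            continue
        owner, recipient, amount = decoded
        if tx["from"].lower() != owner and amount >= threshold:
            alerts.append({"hash": tx["hash"], "caller": tx["from"].lower(),
                           "owner": owner, "to": recipient, "amount": amount})
    return alerts

def encode(selector, *words):  # helper that builds the constructed sample calldata
    return "0x" + selector + "".join(format(w, "064x") for w in words)

def addr(n):  # 20-byte address as a 0x-prefixed hex string
    return "0x" + format(n, "040x")

OWNER, SPENDER, RECIPIENT = (int(b * 20, 16) for b in ("aa", "bb", "cc"))
UNIT = 10 ** 18  # assumes an 18-decimal token
SAMPLE_TXS = [  # constructed transactions, not real chain data
    {"hash": "tx1", "from": addr(SPENDER), "input": encode(SELECTOR, OWNER, RECIPIENT, 5_000_000 * UNIT)},
    {"hash": "tx2", "from": addr(OWNER), "input": encode(SELECTOR, OWNER, RECIPIENT, 5_000_000 * UNIT)},
    {"hash": "tx3", "from": addr(SPENDER), "input": encode(SELECTOR, OWNER, RECIPIENT, 10 * UNIT)},
    {"hash": "tx4", "from": addr(SPENDER), "input": encode("a9059cbb", RECIPIENT, 5_000_000 * UNIT)},
]

if __name__ == "__main__":
    for alert in flag_third_party_moves(SAMPLE_TXS, threshold=1_000_000 * UNIT):
        print(alert)
```

This inspects top-level calldata only; a transferFrom reached through another contract call, such as a batched call, does not appear there and has to be picked up from the token's Transfer event logs or from transaction traces.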
Cyvers, a blockchain security firm, identified a potential flaw in the Multicall function, part of the thirdweb libraries used in the HXA token’s smart contract. This flaw is believed to have contributed to the security breach. Cyvers has called for a comprehensive investigation to understand the exploit’s full scope and consequences.
Consequences and Actions Taken
The funds obtained by the KyberSwap exploiter have been distributed across multiple externally owned accounts, now recognized as top HXA tokenholders. Cryptocurrency exchange MEXC has temporarily suspended HXA token withdrawals and deposits due to abnormal on-chain operations, although the halt isn’t directly linked to security concerns from the hack.
Additionally, the official website of HXAcoin, hxacoin.io, is inaccessible at present, leaving investors and stakeholders without access to official updates and information.
This recent security breach involving the KyberSwap exploiter and the movement of $50 million in HXA tokens highlights the importance of robust blockchain security measures. As investigations continue, stakeholders should remain vigilant and await updates from relevant authorities and platforms.
How did the KyberSwap exploiter acquire the HXA tokens?
The exploiter used the “transferFrom” function on an Ethereum address, allowing them to move tokens from another party’s balance to a third-party address. This function, if improperly implemented or misused, can lead to security vulnerabilities.
What role did the Multicall function play in the security breach?
Cyvers identified a potential flaw in the Multicall function, part of the thirdweb libraries in the HXA token’s smart contract. This flaw is believed to have contributed to the exploit, prompting the call for a comprehensive investigation.
Why has MEXC suspended HXA token withdrawals and deposits?
MEXC temporarily halted HXA token transactions due to abnormal on-chain operations, although this suspension isn’t directly tied to security concerns stemming from the hack. The exchange is likely taking precautionary measures until further clarity is obtained regarding the situation.