Blockchain security firm Cyvers has detected a $50 million move in HAXcoin (HXA), the native utility token of the Herencia Artifex non-fungible token project, linked to the KyberSwap exploiter.
The KyberSwap exploiter's address obtained these tokens from an Ethereum address using a "transfer function."
Decentralized application users often use the “roll-out” feature. It refers to a mechanism by which one party (the sender) can transfer or send tokens from the balance of another party (the owner) to a third-party address. However, improper use or vulnerabilities in the implementation of such functionality can lead to security issues. Cyvers said the security flaw is related to a potential flaw in the Multicall feature, which is part of the ThirdWeb library used in the HXA token smart contract. It raised the idea in its report and encouraged stakeholders to participate in the investigation to fully understand the scope and consequences of the vulnerability.
The Cyvers team said the funds obtained by the KyberSwap exploit were dispersed among various externally owned accounts, which are now believed to be the largest holders of HXA tokens.
Cryptocurrency exchange MEXC has temporarily suspended HXA token withdrawals and deposits. However, according to the exchange, the suspension is not directly related to security concerns about a hack, but rather to HXA’s on-chain operational anomalies. In another twist to the story, HXAcoin’s official website hxacoin.io is currently inaccessible, leaving investors and stakeholders without official information and updates.
Last month, hackers stole approximately $46 million in crypto assets from the decentralized KyberSwap exchange.
