Kinto released a review report on the K attack incident, planning to migrate contracts and restore user assets.
Techub News reports that Ramon Recuero, the founder of the Arbitrum ecosystem modular trading platform Kinto, has released a detailed recap report on the K Token hacking incident. The attack originated from a hidden backdoor vulnerability in the ERC-1967 Proxy standard, which allowed the attacker to bypass blockchain explorer detection, upgrade the K proxy contract on Arbitrum, and mint unlimited tokens. Subsequently, approximately 1.55 million dollars in liquidity was extracted from Uniswap V4 and Morpho Blue.
Kinto stated that the vulnerability exists in the widely used OpenZeppelin Proxy template, which was not written by the Kinto team. The Kinto L2 network, wallet SDK, and abstract infrastructure are not affected, and users’ other assets on Kinto are also unaffected. The project team will take the following remedial measures, including deploying new K contracts: launching a reinforced new contract on Arbitrum; asset recovery: taking a snapshot of on-chain and CEX exchange addresses at the block before the attack (356170028) to restore all Token balances; restarting Liquidity: conducting small-scale financing to inject new liquidity into the Uniswap pool and restoring CEX trading at pre-attack prices; Morpho compensation plan: providing borrowers with a 90-day repayment period, and the team will cover the remaining gap; speculator compensation mechanism: providing a proportionate distribution of new K compensation windows for users who purchased before the announcement after the attack.
