Just two months after the exploit, Kinto\u2019s K token dropped sharply on the news, wiping out the remaining value it had recovered.\n<\/p>\n
Ethereum Layer 2 (L2<\/a>) network Kinto, which focused on compliance, is shutting down two months after an exploit drained millions from the protocol, and wiped out 90% of its token\u2019s value.<\/p>\n In an X thread<\/a> on Sunday, Sept. 7, the Kinto co-founder Ramon Recuero said that the team \u201ctried everything to come back,\u201d but the damage from the hack and the loss of trust afterward proved too much to reverse.<\/p>\n In a separate X thread<\/a> the same day, the official account for Kinto explained that the team raised over $1 million after the exploit via an effort called \u201cPhoenix,\u201d but the 577 ETH that was drained in the exploit \u2014 worth about $2.5 million at current prices \u2014 and new debt in addition to market conditions \u201ckilled further fundraising.\u201d<\/p>\n \u201cThe team has been unpaid since July. It’s time to face reality and shut down responsibly,\u201d Kinto wrote in the X post. Following the announcement, Kinto\u2019s native token, K<\/a>, lost over 97% in value, dropping sharply from $2.40 to $0.50, per data from CoinGecko. At press time, K has dropped even further, down about 70% over the last 24 hours to trade around $0.08.<\/p>\n Phoenix lenders, who put up $1.05 million to help Kinto stay afloat, will get back about 76% of their money, the project said. Recuero also said he wiped out $75,000 in debt and added $55,000 of his own cash so that smaller lenders on Morpho protocol \u2014 users of which also fell victim in the exploit \u2014 each get at least $1,000. \u201cThat makes all the small lenders whole,\u201d he wrote on X.<\/p>\n As Recuero explained in commentary for The Defiant, the team tried to stay afloat and even secured a $5 million equity commitment from Nimbus Capital to accelerate post-hack recovery, but that deal eventually \u201cfell through.\u201d<\/p>\n \u201cWe also explored OTCs but they were really difficult to justify given that the value of the collateral needed to stay up to justify repayment. As our fundraising options disappeared, every day we were going further and further in debt so we needed to take swift action to be able to repay as much as we could,\u201d Recuero told The Defiant.<\/p>\n Users can withdraw whatever assets they still have on Kinto\u2019s network until Sept. 30, the project said. After that, those balances will be moved into a perpetual on-chain claim so they can be recovered anytime. A separate claim portal for Morpho victims opens Oct. 1, tied to an instrument that gives them 100% of any future recoveries.<\/p>\n Because Kinto was compliance-focused and required know your customer (KYC) identification data to use its network, users had submitted documents through third-party providers like Plaid and Onfido. Recuero emphasized in comments to The Defiant that Kinto \u201cdoes not store KYC data,\u201d adding that all the KYC providers \u201cwill be instructed to delete all data as we cancel our contracts by the end of the month.\u201d<\/p>\n Kinto\u2019s collapse traces back to a bug in the ERC1967Proxy standard, where hackers minted<\/a> 110,000 tokens, drained liquidity, and sent Kinto\u2019s native token K crashing from $7.69 to $0.50 in under an hour. Nearly $13 million in value evaporated. <\/p>\n Shortly after the attack, Recuero told The Defiant exclusively that \u201call signs point to Lazarus,\u201d a North Korean state-sponsored hacking group that was also responsible for the $1.5 billion Bybit hack<\/a> earlier this year.<\/p>\n K briefly regained all of the lost value in August, rising to $8 on Aug. 14, before beginning a steady decline and then dropping sharply this weekend on the news that the protocol would shut down entirely. <\/p>\n Critics said that the team should have caught the flaw, but Recuero pushed back, noting that the exploited contract wasn\u2019t even written by the Kinto team, and adding that the vulnerable proxy contracts \u201cwere audited by 30 different auditors, part of the OpenZeppelin foundational contract library and had been used for 10 years until now.\u201d<\/p>\n\u2018Needed to Take Swift Action\u2019<\/h2>\n
KYC Data Will Be Deleted<\/h2>\n
Lazarus Behind the Attack<\/h2>\n