Kinto’s native tokens, a layer 2 network focused on compliance, crashed 90% on July 10 within an hour when attackers misused the token mint mechanism and discharged assets.
According to a July 11 X-thread by Kinto co-founder Ramon Recuero, the incident appears to be tied to a wider range of vulnerabilities affecting thousands of contracts across Defi, built using the ERC1967Proxy standard.
The vulnerability first discovered by blockchain security company Venn was built with researchers from Dedaub, Seal 911 and on-chain analyst Pcaversaccio – revealed that thousands of contracts using the ERC1967 Proxy standard were exposed to new exploits that allow attackers to insert attackers while they explode like Etherscan, while injecting malicious proximin.
The full list of affected projects remains unknown, but Recuero said Berachain, a layer-1 blockchain that raised at least $100 million, was also exposed to vulnerabilities, but was able to prevent the attack in time.
While the 36-hour “Warroom” effort helped ensure many protocols before the vulnerability was widely exploited, Recuero suggests that public disclosure of the vulnerability could have unintentionally triggered an attack on Kint, even after other teams were warned.
Recuero repeatedly told the rebels, “The Kinto network, assets and wallets are unaffected and very safe.” “This was a vulnerability in Proxy Contract ERC 1967, which was exacerbated by bugs in Block Explorer like Etherscan and Arbiscan,” he added.
Source: Arbiscan
By leveraging the backdoor, the attackers minted 110,000 K tokens and later used them to drain the morphovold and the UNISWAP V4 pool. Additional tokens were minted on demand, what Recuero described as a “simple” attack, bridging funds and swapping protocols.
“I know this is really tough for you guys. I’m really sorry. No matter the situation, it’s all my fault and I’m responsible. Me and the team will do anything with us to come back from now on.”
“All signs point to Lazarus.”
In the attack, Kinto’s native token K collapsed 90% in under an hour, crashing from just $7.69 to just $0.50 to just $0.50 in just minutes per Coingecko data.
Kint Chart
According to Recuero, the team is working with Cayman Islands authorities and security groups, including Zeroshadow and Venn Build, to track attackers. Speaking to the rebels, Recuero said, “All the signs point to Lazarus.” This is a North Korean state-sponsored hacking group that was responsible for the $1.5 billion BYBit Hack earlier this year.
If the recovery effort is successful, Kint plans to roll back the token balance to the snapshot block taken before the exploit, restoring the liquidity of Morpho Vault and Uniswap and relisting it on a centralized exchange with a pre-hack price of $7.48 by July 31st.
Recuero emphasized that Corekint networks, including wallets, bridges and UIs, remain unaffected. Following the hack, social media critics panned Kint’s reliance on the open peppelin ERC1967 Proxy pattern without fully auditing due to all possible vulnerabilities.
Users under the alias @Semidefi claimed that “sloppy proxy setup” kept the door open for exploitation and effectively held liability for violations.
In response, Recuero told Defiant, “The vulnerable proxy contracts have been audited by 30 different auditors, part of Openzeppelin’s Basic Contract Library, and have been in use for 10 years up to now.”
Founded in 2023 by Ramon Recuero, Víctor Sánchez and Alan Keegan, Kinto is a compliance-focused layer 2 network built on Ethereum’s Arbitrum Nitro Stack with native KYC/AML enforcement.
Kint TV
According to L2Beat data, Kinto held more than $80 million in collateral value as of December 2024, but that figure fell, down to $16 million as of July 10th.
In February 2025, Abu Dhabi Arm of Brevan Howard Digital deployed $20 million in assets to Kinto to join the facility-grade Defi Ecosystem.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
