Ethereum Layer 2 protocol Kinto hacked with a loss of $1.6 million, closing at the end of September.

The Ethereum Layer 2 protocol Kinto announced that it will officially shut down on September 30. Previously, the platform suffered a smart contracts vulnerability attack in July, resulting in a loss of over 1.6 million dollars in liquidity assets. Although there were attempts to raise funds for a restart through the "Phoenix Project," it ultimately chose an orderly exit due to debt pressure and failed financing.

Hacker Attack Details: Fake Token Minting and Liquidity Drain

On July 10, Kinto encountered a complex attack on the Ethereum Layer 2 network based on Arbitrum. The hacker exploited a vulnerability in the smart contracts to mint 110,000 fake KINTO tokens and quickly sold them to the market, stealing approximately $1.57 million in assets from the Morpho lending vault and the Uniswap v4 liquidity pool.

This attack caused the \KINTO token price to plummet by about 95%, severely damaging platform liquidity. Security researchers had previously flagged the vulnerability and issued warnings to multiple DeFi platforms, but Kinto still failed to avoid the attack.

"Phoenix Project" failed to reverse the downturn

To restart operations, Kinto launched the "Phoenix Project", aiming to raise $1 million and issue new $KINTO tokens that reflect the holdings before the attack, while also replenishing the liquidity pool. However, the additional debt incurred to restore loans increased the difficulty of financing for the platform, ultimately leading to the failure of the reboot plan.

The founder announced the closure and promised compensation

Kinto founder Ramón Recuero (who is also the founder of Babylon Finance) stated in the announcement that the team has been operating without pay since July and has ultimately decided to "orderly and transparently close down" and return the remaining foundation assets to the lending institutions, allowing lenders to recover approximately 76% of the principal.

In addition, Recuero promised to allocate $55,000 of personal funds to provide compensation of up to $1,100 per address to victims of the Morpho platform, and allows victims to choose to receive compensation after the funds are restored.

DeFi security challenges receive renewed attention

The exit of Kinto once again highlights the security risks and capital management challenges in the DeFi space. Recuero had previously lost 3.4 million USD during the Rari protocol hacking incident at Babylon Finance and organized a compensation action. With Kinto's shutdown, he emphasized that he would not let the platform fall into a "zombie mode" but instead chose to protect the interests of users and lenders.

Conclusion

The closure of Kinto is not only a case of a DeFi platform exiting due to a security incident, but also serves as a reminder to the market that vulnerabilities in smart contracts and liquidity risks remain core challenges in decentralized finance. As the Ethereum Layer 2 ecosystem continues to expand, how to strike a balance between innovation and security will determine the survival of more protocols.