- Kinto’s $K token plunged 99% after the Arbitrum mint contract exploit.
- Hacker minted 7M tokens and drained USDC via the Morpho lending platform.
- Kinto says user funds are safe and a full investigation is underway.
Kinto Network has suffered a severe blow after a smart contract exploit linked to its Arbitrum deployment, leading to the collapse of the K token’s value.
Within just 24 hours, the price of the $K token plummeted by over 99%, shocking investors and triggering a wave of uncertainty across the decentralised finance (DeFi) space.
The breach, which originated from a minting contract on Arbitrum and not the Kinto mainnet itself, enabled the unauthorised creation of millions of tokens, ultimately undermining trust in the project’s token economy.
The exploit originated off the Kinto Network
Kinto confirmed that the exploit occurred off-network, specifically on the Arbitrum version of the K token’s mint contract, which had not been adequately secured against unauthorised minting.
Although the main Kinto network, wallets, and bridge vaults remained unaffected, the attacker managed to mint nearly 7 million K tokens—more than three times the previously circulating supply of fewer than 2 million tokens.
According to early on-chain analysis, the malicious actor did not immediately dump the tokens on public exchanges but instead began to slowly manipulate the market to maximise the token’s apparent value.
This stealthy approach allowed the attacker to use the inflated token price as leverage on Morpho, a DeFi lending platform, where they deposited the newly minted tokens as collateral.
Shortly after, the hacker borrowed large sums of USDC and subsequently withdrew the funds, leaving the protocol and the broader market exposed to significant losses.
Morpho Protocol has been left holding worthless tokens
One of the most significant aftershocks of the exploit is the collateral damage inflicted on Morpho, the protocol where the attacker deposited the inflated $K tokens.
With the token’s value now decimated, Morpho is left holding tokens that are essentially worthless, raising concerns about how the platform will manage the bad debt and mitigate the financial hit.
This event underscores the systemic risks associated with DeFi platforms that rely heavily…