Author: 1912212.eth, Foresight News

The bull market in the cryptocurrency market has quietly arrived, yet sudden short-term crashes of project protocol tokens continue to occur. On July 10, amidst an overall positive trend in the cryptocurrency market, the native token K of the Kinto project experienced a severe crash, plummeting from around $8 to approximately $0.7, a drop of over 90%, with its market cap evaporating to less than two million dollars.

This incident quickly sparked a huge uproar on social media and within the crypto community, with investors accusing the project team of a "rug pull."

K Token Plummets Over 80% in 2 Hours

Kinto is a Layer 2 solution based on Ethereum, focusing on the development of smart wallets and DeFi infrastructure. Its token K officially launched for trading at the end of March 2025, once rising to around $7, and was seen as a potential stock within the Arbitrum ecosystem. However, everything took a sharp turn on July 10. Around 4 PM Beijing time, the price of K began to fluctuate abnormally, initially dropping slightly, and then crashing over 80% within just 2 hours. Trading data showed a sudden influx of a large number of K tokens into the liquidity pool, leading to a surge in supply and a subsequent panic sell-off in the market.

A user on social platform X, @waleswoosh, posted: "Someone minted fake K tokens and sold them all, causing Kinto's market cap to drop from $80 million to $7 million. This is truly an unbelievable technical error."

In response to market skepticism, Kinto's official team quickly replied and confirmed that a vulnerability had been discovered outside the Kinto network.

Notably, just on June 30, the Kinto project had completed a round of early investor token unlocks, involving about 2.25 million K tokens worth approximately $15 million. This led some community members to suspect that the crash was related to internal selling rather than a mere technical flaw.

Kinto CEO Announces Investigation Results to Address Concerns

Kinto's official team announced a follow-up action plan, including:

• Raising funds to recover the $1.4 million loss in Uniswap liquidity and Morpho vault balance;
• Taking a snapshot of K balances before the hack;
• Creating a new K token on Arbitrum using these balances;

Kinto emphasized that the vulnerability did not occur in the Kinto core network but rather in peripheral contracts on the Arbitrum chain, and it was not intentional on the part of the project team. The team stated that they had suspended the relevant contract functions and initiated an emergency audit. They also denied the community's rug pull accusations, pointing out that team tokens are locked until April 2026 and cannot be sold prematurely.

Kinto CEO Ramon Recuero added in a follow-up post: "This was an unexpected technical error, and our team is working hard to fix it and will compensate affected users." He outlined the sequence of events.

The hacker minted K tokens in unlimited quantities on the Arbitrum network and stole $1.55 million worth of ETH and USDC from Uniswap and Morpho platforms (which also caused a loss in K token price). Previously, a serious backdoor was discovered in thousands of contracts using ERC1967Proxy (a commonly used standard provided by OpenZeppelin, abbreviated as OZ). The hacker was able to exploit vulnerabilities in blockchain explorers (such as Etherscan, Arbiscan, etc.) to implant a hacker proxy unnoticed. Ramon Recuero stated that many teams received notifications and patched the vulnerabilities, but Kinto did not receive any notice, allowing the hacker to quickly take control of its tokens on Arb and attack using the proxy before the patch was released. At 4:34 PM Beijing time, the hacker minted 110,000 K tokens and began the attack to drain the Morpho Vault and Uniswap v4 pool.

Ramon expressed apologies to the community and stated that they would raise funds from partners and existing investors to restore the token balance to the state before the hacker attack or block 356168891.

He mentioned that if these avenues prove effective, they would complete the following by July 31:

• Restore all K token balances to the snapshot state before the hacker attack.
• Restore the Morpho fund pool to its state before the hacker attack, including the Royco-related portion.
• Restore liquidity on Uniswap.
• Restart trading on centralized exchanges (CEXs) at the same price of $7.48.

However, this response did not completely quell community dissatisfaction. Opinions suggesting that the project team was responsible for the crash were rampant on social media, with many investors sharing screenshots of their holdings, lamenting significant losses.

This vulnerability incident is not an isolated case. The cryptocurrency market has seen multiple similar contract vulnerability incidents. According to TheBlock, the crypto industry lost $92.5 million due to DeFi vulnerabilities in April alone this year, a year-on-year increase of 27.3%. Among them, the UPCX and KiloEx incidents had the largest losses, amounting to $70 million and $7.5 million, respectively.

Analysts from blockchain security company PeckShield stated: "The vulnerability in Kinto may have been caused by a reentrancy attack due to the minting function not being locked. Such issues are common in contracts that have not undergone multiple rounds of audits." They advised investors to prioritize reviewing audit reports and token unlock schedules when participating in new projects.

The Kinto case once again highlights the security challenges blockchain projects face when deploying Layer 2 solutions.

Summary

The Kinto token crash event is a microcosm of the cryptocurrency market in 2025: innovation coexists with risk. Yesterday's crash and today's official announcement not only test the project team's crisis response capabilities but also remind investors to act cautiously. In the coming days, Kinto's audit report and compensation plan will be the focus. If handled properly, this may just be a temporary low; otherwise, it could severely damage its reputation. In this fast-paced market, DYOR (Do Your Own Research) remains an eternal maxim.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。