Kinto Crisis Revelation: How Should Investors Hedge Against Smart Contract Vulnerabilities in a Bull Market?

Original Article Title: "Kinto Plunges 90% in Horror, Was it a Vulnerability Exploit or a Rug Pull Conspiracy?"

Original Article Author: 1912212.eth, Foresight News

The crypto market bull run has quietly arrived, yet sudden sharp declines in project protocol tokens continue to occur. On July 10, amidst an overall positive trend in the cryptocurrency market, the native token K of the Kinto project suddenly experienced a severe collapse, plummeting from around $8 to about $0.7, a drop of over 90%, with its market capitalization evaporating to less than two million dollars.

This event quickly triggered a storm on social media and within the crypto community, with investors accusing the project team of a potential rug pull.

K Token Plummets Over 80% Within 2 Hours

Kinto is an Ethereum-based Layer 2 solution that focuses on smart wallets and DeFi infrastructure development. Its token K officially started trading at the end of March 2025, rising to nearly $7 at one point and being seen as a potential star in the Arbitrum ecosystem. However, everything took a drastic turn on July 10. Around 4 p.m. 东八区, the price of K started to fluctuate abnormally, first experiencing a slight decline, followed by a sudden drop of over 80% within just 2 hours. Trading data shows that a large amount of K tokens suddenly flooded the liquidity pool, causing a significant supply surge, which triggered a panic sell-off in the market.

User @waleswoosh on the social platform X posted: "Someone minted fake K tokens and sold them all, causing Kinto's market cap to drop from $80 million to $7 million. It's truly an unbelievable technical error." Faced with market scrutiny, the Kinto team quickly responded and confirmed that they had discovered a vulnerability that occurred outside the Kinto network.

It is worth noting that on June 30, the Kinto project had just completed a round of early investor token unlocks, involving around 2.25 million K tokens worth approximately $15 million. This led some community members to suspect whether the crash was related to an internal sell-off rather than a mere technical flaw.

Kinto CEO Reveals Investigation Results in Response to Doubts

Kinto released its follow-up action plan, including

· Raise funds to recover $1.4 million in Uniswap liquidity and Morpho Insurance Vault balance lost;

· Take a snapshot of the K balance blocks before the hack;

· Use these balances to create a new K token on Arbitrum;

Kinto's statement emphasizes that the exploit did not occur in the Kinto core network but in a peripheral contract on the Arbitrum chain, and it was not intentional by the project team. The team has stated that they have paused the relevant contract functions and initiated an emergency audit. At the same time, they have denied the community's rug pull accusations, pointing out that the team tokens are locked until April 2026 and cannot be sold early. Kinto CEO Ramon Recuero added in a follow-up comment: "This was an unintentional technical mistake, and our team is working hard to fix it and compensate affected users," outlining the causes and consequences of the incident.

The hacker performed an infinite mint of K tokens on the Arbitrum network and stole $1.55 million worth of ETH and USDC from Uniswap and Morpho platforms (in addition to causing a loss in the price of K token). Previously, a serious backdoor was discovered in thousands of contracts using ERC1967Proxy (provided as a common standard by OpenZeppelin). The hacker was able to exploit a loophole in blockchain explorers (such as Etherscan, Arbiscan, etc.), inserting a hacker proxy in between unnoticed. Ramon Recuero mentioned that many teams were notified and patched the vulnerability, but Kinto did not receive a notification, leading the hacker to swiftly take control of its token on Arb and use the proxy to attack before the patch was deployed. At 4:34 PM 东八区, the hacker minted 110,000 K tokens and initiated the attack to deplete the Morpho Vault and Uniswap v4 pool.

Ramon expressed apologies to the community and concluded by stating that he would raise funds from partners and existing investors to restore the token balance to pre-hack or pre-block 356168891 status. He mentioned that if successful through the aforementioned channels, the following will be completed by July 31:

· Restore all K token balances to the snapshot state before the hack.

· Restore the Morpho liquidity pool to the state before the hack, including the Royco portion.

· Restore liquidity on Uniswap.

· Resume trading at a price of $7.48 on centralized exchanges (CEXs).

However, this response did not completely quell community dissatisfaction. The view that the project team engaged in token dumping was widespread on social media, with many investors sharing screenshots of their holdings and complaining about heavy losses.

This vulnerability incident is not an isolated case. The crypto market has seen several similar smart contract exploit events. According to TheBlock, the crypto industry lost $92.5 million in April alone due to DeFi exploits, a 27.3% increase year-over-year. Among them, the UPCX and KiloEx incidents suffered the largest losses, with $70 million and $7.5 million lost, respectively. Analysts from the blockchain security firm PeckShield stated: "The vulnerability in Kinto may have been due to an unlocked minting function leading to a reentrancy attack. This kind of issue is common in contracts that have not undergone multiple rounds of auditing." They advised investors to prioritize reviewing audit reports and token unlocking schedules when participating in new projects.

The Kinto case once again highlights the security challenges faced by blockchain projects when deploying Layer 2 solutions.

Summary

The Kinto token plunge event is a microcosm of the 2025 crypto market: where innovation coexists with risk. Yesterday's crash and today's official announcement not only tested the project team's crisis response capabilities but also served as a reminder for investors to act prudently. In the coming days, the focus will be on Kinto's audit report and compensation plan. Handled properly, this may just be a temporary setback; otherwise, it could significantly damage its reputation. In this fast-paced market, DYOR (Do Your Own Research) remains an eternal motto.