Ethereum L2 Kinto Shuts Down after July Exploit as ‘Fundraising Options Disappeared’

Compliance-focused Ethereum Layer 2 (L2) network Kinto shut down two months after the exploits drained millions of people from the protocol, wiping away 90% of the token’s value.

In the X-thread on Sunday, September 7th, Kinto co-founder Ramon Recuero said the team “everything’s back,” but that damage and loss of trust from the hack proved too much to turn it around afterwards.

In another X-thread on the same day, Kinto’s official account explained that while the team raised more than $1 million after exploiting via an effort called “Phoenix,” 577 ETH, worth around $2.5 million at its current price, killed “full funding” in addition to the market conditions.”

“The team has been unpaid since July. It’s time to face reality and close responsibly,” Kinto wrote in X-Post. Following the announcement, Kinto’s native token K fell sharply from $2.40 to $0.50 per Coingecko data. At the time of pressing, K fell about 70% in another 24 hours, trading around $0.08.

“We had to act quickly.”

According to the project, Phoenix Lenders, who spent $1.05 million to help Kinto float, said they would regain about 76% of their money. Recuero also wiped out $75,000 in debt and added $55,000 in cash, ensuring that small Morpho protocol lenders (exploit casualties) win at least $1,000. “It’s all the little lenders all over,” he wrote to X.

As Recuero explained in his commentary on the Rebels, the team was floating, securing a $5 million share commitment from Nimbus Capital to accelerate the post-hack recovery, but the deal “falls” in the end.

“We also explored OTC, but it was really difficult to justify given the value of the collateral needed to maintain it to justify the repayment. Every day, we were in debt even more as our fundraising options disappeared.

KYC data will be deleted

Users will be able to pull out assets that are still on Kinto’s network until September 30th, the project says. These balances will then be moved to permanent on-chain billing so that they can be restored at any time. Another billing portal for Morpho victims will open on October 1st and will be tied to an instrument that will give 100% of future recovery.

Kinto focuses on compliance and needs to know customer (KYC) identification data, and therefore users submit documents through third-party providers such as Plaid and Onfido. Recuero emphasized in his comment to Defiant that Kinto “does not store KYC data”, adding that all KYC providers will be “instructed to delete all data when cancelling their contracts by the end of the month.”

Lazaro Behind the Attack

The Kinto collapse returns to a bug in the ERC1967 Proxy standard. The hackers minted 110,000 tokens, draining liquidity and crashing Kinto’s native token K from $7.69 to $0.50 within an hour. Almost $13 million worth has evaporated.

Shortly after the attack, Recuero exclusively told the rebels that “all indications point to Lazarus,” a North Korean state-sponsored hacking group that will be responsible for the $1.5 billion Bybit Hack earlier this year.

K temporarily regained all lost value in August, rising to $8 on August 14th, then steadily declined, dropping sharply this weekend with news that protocols would shut down completely.

Critics said the team should capture the flaws, but recuero noted that the contract in exile was not written by the Kint team, adding that the vulnerable proxy contract was “part of the Openzeppelin Foundational Contract Library and has been in use for 10 years up until now.”

Founded in February 2023, Kinto has secured $5 million in seed funding to launch The First Kyc’ed Layer 2. Of that, $1.5 million came from the pre-seed round led by Kyber Capital Crypto, followed by $3.5 million from the followers led by Kyber, Spartan Group and Parafi, as well as Skybridge, Kraynos, Soft Holdings, Deep Ventures, Modular, Tane and Robot Ventures.

In February of this year, Brevan Howard Digital’s Abu Dhabi Arm deployed $20 million in assets to Kinto’s network, adding institutional liquidity to the protocol.