Attackers exploit fundamental flaw in the web’s security to steal $2 million in cryptocurrency

2022-03-09 CITP

https://freedom-to-tinker.com/2022/03/09/attackers-exploit-fundamental-flaw-in-the-webs-security-to-steal-2-million-in-cryptocurrency/

When users were on the KLAYswap cryptocurrency exchange, their browsers loaded Kakao's JavaScript library directly from Kakao's servers at a fixed URL (shown in a diagram in the original post). It was this URL, and not any resource operated by KLAYswap itself, that the attacker targeted: whoever can impersonate that one origin gets to run their own code in every visitor's session on the exchange. The theft, detailed in a Korean-language blog post by the security firm S2W, was not the result of a single bug in one system. Rather, it was a well-crafted cross-layer attack that exploited weaknesses across the Internet's routing system (BGP), the Public Key Infrastructure (PKI) and common web development practices. The structural problem is the trust the PKI places in the routing infrastructure: certificate authorities validate control of a domain by connecting to it over the Internet, so an adversary who can divert routes for the target's address space can pass that validation, obtain a certificate that browsers accept, and serve a substituted script under it. Because those weaknesses are systemic to the routing ecosystem and the PKI, the Internet's most sensitive financial, medical and other websites remain vulnerable to the same attack.

Indicators of Compromise

Type   Value             First Seen   Last Seen
IPv4   121.53.104.157    2022-03-09   2022-03-09
IPv4   211.249.221.246   2022-03-09   2022-03-09

The First Seen and Last Seen values equal the publication date of the report these indicators were extracted from, not the dates of the observed attack activity.
