KLAYswap reported that users were affected by a third-party SDK supply-chain compromise rather than a flaw in KLAYswap front-end source code or smart contracts. Requests for the normal Kakao SDK JavaScript file were redirected to an attacker-controlled server, causing malicious JavaScript to load into the KLAYswap interface. The injected code modified transaction behavior so users approved or transferred assets to attacker-controlled contracts and wallet addresses. KLAYswap said it blocked service functions, removed Kakao SDK loading, suspended related Orbit Bridge minting activity, and built a token-approval revocation page for affected users. The incident affected 325 wallets through 407 abnormal transactions and caused about 2.2 billion KRW in identified virtual-asset losses.