Post Mortem of KlaySwap Incident through BGP Hijacking

2022-02-15 S2W

https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-898f26727d66

S2W analyzed the KlaySwap incident as a BGP hijacking operation that redirected traffic for Kakao SDK delivery paths toward attacker-controlled infrastructure. The attacker issued a ZeroSSL certificate for developers.kakao.com, served a malicious kakao.min.js only to users arriving from KlaySwap, and modified wallet and contract logic so token operations sent assets to attacker-controlled accounts and factory contracts. The routing manipulation began before the first abnormal transaction on February 3, 2022, and affected Kakao SDK-dependent services while KlaySwap users continued generating theft transactions until 18:01 KST. Blockchain tracing in the excerpt links the stolen assets to swaps through KLAY-based tokens and transfers to FixedFloat, with confirmed attacker wallets and contract addresses documented.

Indicators of Compromise

Type    Value                               First Seen   Last Seen
URL     https://www.packetlabs.net/post…    2022-02-15   2022-02-15
DOMAIN  darkode.com                         2022-02-15   2022-02-15
