November 24, 2023 – KyberSwap, a prominent decentralized exchange protocol, has offered a 10% bounty to the hacker responsible for the theft of $47 million. This move comes after the hacker left a message on the blockchain, indicating their willingness to negotiate.
The $47 million hack, which unfolded yesterday, severely impacted KyberSwap’s Elastic pools, leading to significant financial losses across several blockchains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
The hacker’s message, a bold and unusual move, read:
“Dear Kyberswap Developers, Employees, DAO members, and LPs, negotiations will start in a few hours when I am fully rested. Thank you.”
Responding to this, KyberSwap has proposed a deal through an on-chain message, suggesting a white hat bounty of approximately $4.7 million, conditional on the hacker returning the remaining 90% of the stolen funds by 6 am UTC on November 25.
Victor Tran, KyberSwap’s co-founder, issued an ultimatum to the attacker in the message, stating that the hacker can either return the funds or face continually evading the authorities.
This bounty offer is a strategic attempt by KyberSwap to alleviate the fallout of the attack and to compensate affected liquidity providers. Security firm Beosin, investigating the incident, identified a flaw in the tick interval boundaries of Kyber’s liquidity pools. This flaw allowed the hacker to inflate the liquidity artificially, which they then drained.
In the wake of the attack, which saw the decentralized exchange’s total value locked drop significantly from over $80 million, KyberSwap advised its users to withdraw their funds as a precaution. According to on-chain analysts, the attack did not stem from a bug in the DEX’s approval authorization code but was a targeted assault on the liquidity provider pools themselves. The stolen assets included Ether, wrapped ether (wETH), and USDC.
KyberSwap’s response highlights the growing challenges in the decentralized finance (DeFi) space and the importance of robust security measures to protect users’ assets. The outcome of this bounty offer and the ongoing negotiations with the hacker remain closely watched by the cryptocurrency community.