KyberSwap Offers Hacker $4.6M Bounty to Return $46M Heist
Decentralized exchange KyberSwap has offered a 10% reward to a hacker who stole $46 million and left a negotiation note on November 22. The exchange wants 90% of the loot returned by 6 am UTC on November 25.
On November 23, KyberSwap warned users of its liquidity solution, KyberSwap Elastic, and advised them to withdraw funds. The day before, on November 22, the hacker took approximately $20 million in Wrapped Ether (wETH), $7 million in Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) tokens. The hack spanned several chains, including Arbitrum, Optimism, Ethereum, Polygon and Base.
After stashing the stolen funds, the hacker posted an on-chain message addressed to KyberSwap developers, staff, members of the decentralized autonomous organization, and liquidity providers, saying, “After a few hours I'm fully rested, negotiations will begin.”
Following a day of silence from both ends, KyberSwap responded, asking the hacker to return 90% of the stolen funds. The group acknowledged the hacker's skills and offered:
“There is a bonus on the table equal to 10% of the users' funds taken by your hack to safely return the users' funds. But we both know how this works, so let's cut to the chase so you and these users can all get on with life.”
If the hacker doesn't pay or respond to KyberSwap by 6 a.m. UTC, Nov. 25, “they will remain on the run,” KyberSwap said. The team is open to further discussion with the hacker via email.
A decentralized finance (DeFi) expert said of the recent KyberSwap hack that the attacker used an “unlimited money problem” to siphon funds.
Doug Colkitt, co-founder of AmbientSwap, explained that the KyberSwap attacker relied on “sophisticated and carefully crafted modern contract exploits” to carry out the attack.
1/ I've done my first deep dive into cyber exploitation, and now I think I have a pretty good understanding of what's going on.
This is easily the most complex and carefully developed smart contract exploit I've ever seen.
— Doug Colkitt (@0xdoug) November 23, 2023
The attacker then repeated this exploit on other KyberSwap pools across multiple networks, eventually making off with $46 million in crypto loot.