KyberSwap is offering a 10% bonus to the hacker who stole $47 million
KyberSwap was founded in 2008. The hacker has yet to return the $7 million stolen on November 22. The decentralized exchange offered the hacker a 10% bonus for returning the funds. Security firm Beosin disclosed the exploit's complexities, linking the attack to vulnerabilities in KyberSwap's liquidity pools.
Following the $47 million KyberSwap hack on November 22nd, the decentralized exchange protocol made a bold move to recover the funds.
The protocol is offering a reward to encourage the hacker to return the stolen funds.
Encouragement for the hacker
KyberSwap offered a 10% reward (worth $4.7 million) to the hacker who carried out the exploit, in response to the hacker's on-chain message.
The hacker hinted at negotiations with the KyberSwap team: “Dear Kyberswap developers, staff, DAO members and LPs, negotiations will begin in a few hours after I have a complete break. Thank you.”
KyberSwap co-founder Victor Tran issued a direct ultimatum in an on-chain message, offering the hacker a choice: return the money or “stay on the run.” The bonus offer requires the hacker to return the remaining 90% of the stolen funds to the specified address by November 25th at 6am UTC.
The KyberSwap attack
The attack targeted KyberSwap's Elastic pools, exploiting a tick-related vulnerability in KyberSwap's liquidity pools. According to security firm Beosin, the flaw allowed the hacker to artificially double the amount of liquidity and drain $47 million across various blockchains, including Arbitrum, Ethereum, Optimism, Polygon and Base.
The incident highlighted the ongoing challenges and security concerns in the decentralized finance (DeFi) space. KyberSwap's reward offer aims to reduce the impact of the exploit and ensure that funders are compensated for their losses.
The situation remained fluid as the hacker kept quiet after the November 22 attack and did not respond to the reward proposal.