In a surprising twist, the decentralized exchange KyberSwap was hit by a cyberattack on November 22, resulting in a staggering loss of $46 million. Rather than taking a traditional legal route, KyberSwap has taken an unusual approach by offering a $4.6 million bounty to the hacker for the safe return of 90% of the stolen funds. This blog explores the details of the incident, the ongoing negotiation, and what it means for users.
The Hack and How KyberSwap Reacted
On November 23, KyberSwap alerted its users about the compromise of its liquidity solution, KyberSwap Elastic, urging them to pull out their funds. The hacker managed to swipe $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) tokens. The stolen funds were then shuffled across different chains.
The Unusual Negotiation Process
After successfully hiding the stolen funds, the hacker initiated communication with KyberSwap through an on-chain message, expressing a willingness to negotiate. KyberSwap responded by offering a bounty equal to 10% of the users’ funds taken in the hack in exchange for the safe return of all funds. Negotiations paused temporarily, with the hacker stating they would resume after getting some rest.
The Countdown and Future Discussions
After a day of silence, KyberSwap issued an ultimatum to the hacker: return 90% of the stolen funds by 6 am UTC on November 25, or face consequences. The team acknowledged the hacker’s skills and suggested further discussions via email. Failure to comply would mean continued pursuit by KyberSwap.
The KyberSwap hack sheds light on the vulnerabilities in decentralized exchanges, underscoring the need for robust security measures. KyberSwap’s decision to negotiate and offer a bounty, though unconventional, shows a practical approach to recovering stolen funds and safeguarding user assets. As the crypto community observes this unprecedented event, it prompts questions about the future of cybersecurity in the decentralized finance (DeFi) space.
Why did KyberSwap offer a bounty to the hacker?
KyberSwap chose a bounty approach as an alternative to legal actions, aiming to motivate the hacker to return 90% of the stolen funds for the safety of all users.
What’s the significance of the 6 am UTC deadline on November 25?
KyberSwap set this deadline for the hacker to return the funds. Failure to comply would lead to the hacker being pursued, highlighting the seriousness of the situation.
How did the hacker pull off the KyberSwap attack?
A decentralized finance (DeFi) expert suggests that the attacker used an “infinite money glitch” through a carefully engineered smart contract exploit, draining a total of $46 million from KyberSwap pools on multiple networks.