Decentralized exchange KyberSwap offered a 10% bounty to the hacker who stole $46 million on November 22 and left a record of the negotiations. The exchange hopes to have 90% of the loot returned by 6 a.m. UTC on November 25.
On November 23, KyberSwap alerted users that its liquidity solution, KyberSwap Elastic, had been compromised and advised them to withdraw funds. On November 22, hackers stole approximately $20 million in Wrapped Ether (wETH), $7 million in Lido Collateral Ether (wstETH), and $4 million in Arbitrum (ARB) tokens. The theft spanned multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
After hiding the stolen funds, the hacker wrote an on-chain message to KyberSwap developers, employees, DAO members, and liquidity providers: “negotiations will begin in a few hours when I am fully rested.”
After a day of silence from both parties, KyberSwap responded to the hacker with a request to return 90% of the stolen funds. The team acknowledged the hacker’s skills and made a proposal:
“In order to safely return all users’ funds, we are offering a bounty equal to 10% of the funds your hacker took from the user. But we all know how this works, so let’s cut to the chase to make it easier for you and these users. They can all continue to live.”
If the hacker fails to repay or respond to KyberSwap by 6 a.m. UTC on November 25, “you will go on the run,” KyberSwap said. The team is willing to discuss further with the hacker via email.
An analysis of the recent KyberSwap hack by a decentralized finance (DeFi) expert shows that the attackers used an “infinite funds glitch” to drain funds.
Doug Colkitt, founder of Ambient Exchange, explained that the KyberSwap attackers relied on “complex and well-designed smart contract vulnerabilities” to carry out their attacks.
1/ Having completed my initial in-depth research into the Kyber vulnerability, I think I now have a good understanding of what is going on.
This is easily the most complex and elaborate smart contract vulnerability I have ever seen…
— Doug Colkitt (@0xdoug) November 23, 2023
The attacker then re-exploited the vulnerability on other KyberSwap pools across multiple networks, ultimately stealing $46 million in cryptocurrency.