KyberSwap Crypto Theft: Threats and Negotiations
In a surprising turn of events, the individual responsible for the $46 million crypto theft from KyberSwap has demanded less hostility from its executives and tokenholders. The hacker threatened to delay negotiations unless the environment becomes “more civil”.
An on-chain message issued on November 28 and addressed to KyberSwap officials, tokenholders and liquidity providers laid out the hacker’s plan to release a statement on November 30 regarding a potential agreement with KyberSwap. However, this is conditional on an end to the current hostility.
The message stated: “I said I was willing to negotiate. In return, I have received (mostly) threats, deadlines, and general unfriendliness from the executive team.” They added: “Under the assumption that I am treated with further hostility, we can reschedule for a later date, when we all feel more civil.”
Response from KyberSwap
KyberSwap, a cross-chain decentralized exchange, initially offered a bounty deal under which the perpetrator would return 90% of the stolen funds and keep the remaining 10%. However, this was followed by a threat of legal action when the hacker didn’t agree to the terms immediately.
“We have reached out to law enforcement and cybersecurity on this case. We have your footprints to track you,” said the KyberSwap team in a November 25 on-chain message, adding, “So it’s better for you if you take the first offer from our previous message before law enforcement and cybersecurity track you down.”
KyberSwap also mooted the idea of instituting a public bounty program to incentivize anyone who provides information leading to the hacker’s arrest and the recovery of user funds.
Partial Recovery and Further Developments
In the aftermath of this event, the KyberSwap team managed to recover, via operators of front-running bots, $4.67 million of the $46 million lost. These operators had extracted around $5.7 million in crypto from KyberSwap pools on the Polygon and Avalanche networks.
There has been no response from KyberSwap to the hacker’s latest message, and it is presumed they are awaiting the new proposed treaty mentioned by the hacker.
Hack Details and Impact
Just a day after the November 22 hack, Doug Colkitt, a decentralized finance expert, noted that the attacker utilized an “infinite money glitch” to execute a “complex and carefully engineered smart contract exploit” across multiple networks implementing KyberSwap pools. The exploited funds came from Avalanche, Polygon and Ethereum, and from the Arbitrum, Optimism and Base layer-2 networks.
KyberSwap operates on Kyber Network, a blockchain-based liquidity hub that accrues liquidity across various blockchains and facilitates the exchange of tokens without an intermediary.