KyberSwap, a decentralized exchange, offered a 10% reward to the hacker who stole $46 million and left a negotiation note on November 22. The exchange requires 90% of the loot to be returned by 6:00 UTC on November 25.
On November 23, KyberSwap warned users that its liquidity platform KyberSwap Elastic had been compromised and advised them to withdraw their funds. Meanwhile, on November 22, the hacker stole approximately $20 million in Wrapped Ether (wETH), $7 million in Wrapped Lido staked Ether (wstETH), and $4 million in Arbitrum token (ARB). The hacker then redirected the loot to various chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
After hiding the stolen funds, the hacker wrote an on-chain message to KyberSwap developers, employees, Decentralized Autonomous Organization members and liquidity providers: “Negotiations will begin in a few hours, when I am fully rested.”
After a day of silence from both parties, KyberSwap responded to the hacker by demanding the return of 90% of the stolen funds. The team recognized the hacker’s abilities and made an offer:
“A reward equivalent to 10% of the user funds stolen by your attack is on the table in exchange for the safe return of all user funds. But we both know how this works, so let’s get down to business, so you and these users can get on with your lives.”
If the hacker does not pay or respond to KyberSwap by 06:00 UTC on November 25, the hacker “will continue to run away”, KyberSwap said. The team is open to further discussions with the hacker via email.
A decentralized finance (DeFi) expert analyzed the latest attack on KyberSwap, finding that the attacker used an “infinite money bug” to drain the funds.
Ambient Exchange founder Doug Colkitt explained that the KyberSwap attacker carried out the attack based on a “sophisticated and carefully designed smart contract exploitation”.
1/ I’ve completed the in-depth preliminary investigation into the Kyber exploit and I think I now have a pretty good understanding of what happened.
This is the most complex and carefully designed smart contract exploit I have ever seen…
— Doug Colkitt (@0xdoug) 23 November 2023
The attacker then repeated this exploit on other KyberSwap pools across multiple networks, ultimately managing to steal $46 million in cryptocurrency.