The hacker behind the exploit that saw ~$50 million drained from the decentralized exchange protocol KyberSwap has promised to release a statement on a potential deal in the coming few days.
The hacker has also demanded that KyberSwap executives ease up on the rhetoric and hostilities, threatening to pull out of negotiations until they are more civil.
Hacker Sends On-Chain Message
The attacker in question, whose identity still remains unknown, encoded an on-chain message in an Ethereum transaction on the 28th of November, promising to release a statement addressing a potential “treaty” on the 30th of November. However, the attacker warned they would not release a statement or participate in negotiations if hostilities continued. The hacker stated in the on-chain message,
“I said I was willing to negotiate. In return, I have received (mostly) threats, deadlines, and general unfriendliness from the executive team. That’s okay; I don’t mind. Under the assumption that I am treated with further hostility, we can reschedule for a later date when we all feel more civil. You need only say the word. If not, we proceed as planned on the 30th of November.”
Negotiations With The Hacker
The team at KyberSwap initially suggested a white hat bounty deal, asking the hacker to return 90% of the stolen funds across all exploits while allowing the hacker to keep the remaining 10%.
“On the table is a bounty equivalent to 10% of users’ funds taken from them by your hack for the safe return of all of the users’ funds. But we both know how this works, so let’s cut to the chase so you and these users can all get on with life.”
However, the hacker did not respond to the offer immediately, prompting the KyberSwap team to follow up with a threat to pursue legal action against the hacker. The team stated in an on-chain message sent to the hacker on the 25th of November,
“We have reached out to law enforcement and cybersecurity on this case. We have your footprints to track you. So it’s better for you if you take the first offer from our previous message before law enforcement and cybersecurity track you down.”
The KyberSwap team also told the hacker they would initiate a public bounty program. The program would incentivize people to provide any information that would assist law enforcement and could lead to the arrest of the hacker and the recovery of the stolen funds.
Some Funds Recovered
KyberSwap has managed to recover a small portion of the stolen funds from the $46 million exploit. So far, the team has recovered $4.67 million with the help of operators of front-running bots, which extracted around $5.7 million worth of crypto from KyberSwap pools on the Avalanche and Polygon networks. The team is also yet to respond to the latest message from the hacker, and is presumably waiting until the 30th of November to see the new treaty proposed by the hacker.
The KyberSwap Exploit
The message from the hacker comes a week after the hack that saw $47 million drained from KyberSwap’s Elastic Pools liquidity solution. Following the hack, the protocol advised all users to withdraw their funds while it investigated the attack and also opened a line of communication with the hacker. A day after the hack, decentralized finance (DeFi) pundit Doug Colkitt stated that the attacker used an “infinite money glitch” to orchestrate the hack, carrying out a carefully engineered exploit of the protocol’s smart contracts.
This allowed the hacker to drain funds from a number of networks, including Polygon, Avalanche, Ethereum, and Layer-2 networks such as Arbitrum, Optimism, and Base.