In the aftermath of a significant security breach on November 22, decentralized exchange KyberSwap is now engaging in negotiations with the hacker responsible for stealing $46 million. In an unusual turn of events, KyberSwap has offered a 10% bounty, amounting to $4.6 million, for the safe return of 90% of the stolen funds.
KyberSwap’s liquidity solution, KyberSwap Elastic, fell victim to the hack, prompting the exchange to advise users to withdraw their funds. The hacker managed to abscond with approximately $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) tokens. The stolen funds were spread across multiple blockchain networks, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
The hacker, after securing the loot, left an on-chain message indicating an openness to negotiate. Subsequently, KyberSwap responded by offering a 10% bounty to incentivize the return of the stolen funds. The exchange addressed the hacker, acknowledging their skills and presenting a straightforward proposal for the safe return of users’ funds.
However, KyberSwap set a deadline for the negotiation, specifying that if the hacker fails to respond or return 90% of the funds by 6 am UTC on November 25, they will remain on the run. The exchange expressed its willingness to continue discussions via email.
The recent hack on KyberSwap has prompted analysis from DeFi experts, revealing that the attacker exploited what is described as an “infinite money glitch.” Doug Colkitt, founder of Ambient exchange, explained that the hacker employed a sophisticated smart contract exploit, targeting KyberSwap pools on various networks to execute the attack and ultimately make off with $46 million in cryptocurrencies.
As the negotiations unfold, the cryptocurrency community closely watches how this unique situation will resolve, and whether the hacker will opt for the bounty or evade KyberSwap’s ultimatum.