KyberSwap offers a 10% bounty for the return of $46M stolen in a sophisticated DeFi heist.
KyberSwap, a decentralized exchange, has proposed a 10% bounty to the perpetrator behind the recent $46 million heist. This offer, amounting to $4.6 million, hinges on the condition that 90% of the stolen funds are returned. The exchange has set a deadline of 6 am UTC on November 25 for the hacker to comply.
The Heist and Its Aftermath
On November 22, KyberSwap suffered a significant security breach. The hacker skillfully extracted approximately $20 million in Wrapped Ether (wETH), $7 million in Wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) tokens. Following the heist, the funds were dispersed across several blockchain networks, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
In response to this incident, KyberSwap took immediate action on November 23. They alerted their users about the breach in their liquidity solution, KyberSwap Elastic, and advised them to withdraw their funds promptly.
Negotiation Tactics and Security Insights
The hacker, after securing the stolen assets, initiated a conversation with KyberSwap. In their message, they indicated a willingness to negotiate the return of the assets. Following a day of no communication, KyberSwap reached out, recognizing the hacker’s expertise and suggesting the return of 90% of the stolen funds. They emphasized the urgency of resolving the situation for all parties involved.
Should the hacker choose not to engage or fail to meet the stipulated deadline, authorities and the KyberSwap team would continue to pursue them. KyberSwap remains open to further discussions, offering an email channel for communication.
Doug Colkitt, the founder of Ambient Exchange, analyzed the attack. He highlighted that the hacker used a sophisticated smart contract exploit, described as an “infinite money glitch.” This method allowed the hacker to repeatedly drain funds from various KyberSwap pools across different networks, culminating in the $46 million theft.