The individual responsible for the $46 million cryptocurrency theft from KyberSwap has issued a warning to the exchange’s executives, tokenholders, and liquidity providers. In an on-chain message, the exploiter demanded that the hostilities subside before negotiations could proceed. They threatened to postpone any potential treaty announcement until all parties involved can engage in a more civil manner. The exploiter expressed dissatisfaction with the executive team’s response, citing threats, deadlines, and unfriendliness as barriers to constructive dialogue.
Initial Bounty Deal Leads to Legal Threat
Initially, KyberSwap proposed a bounty deal where the hacker would return 90% of the stolen funds while keeping the remaining 10%. However, when the hacker did not comply immediately, the exchange threatened legal action. In an on-chain message, KyberSwap declared their intent to involve law enforcement and cybersecurity experts in tracking down the exploiter. They also warned the hacker that time was of the essence and it would be in their best interest to accept the initial offer before facing the consequences of legal action.
Recovery Efforts and Public Bounty Program
Despite the ongoing dispute, KyberSwap has managed to recover $4.67 million from the $46 million exploit. The funds were retrieved from operators of front-running bots, which had extracted approximately $5.7 million in crypto from KyberSwap pools on the Polygon and Avalanche networks. Additionally, the exchange announced its plan to initiate a public bounty program. This program aims to incentivize individuals to provide information that supports law enforcement in arresting the hacker and recovering the remaining user funds.
As of now, the KyberSwap team has not responded to the exploiter’s latest message. They are presumably waiting to review the new treaty proposed by the hacker before taking further action. The outcome of this negotiation will likely shape the resolution of the incident and determine the extent to which the stolen funds can be recovered.
Hacker’s Exploitation Technique
Following the hack on November 22, decentralized finance expert Doug Colkitt analyzed the situation. He revealed that the attacker utilized an “infinite money glitch” combined with a carefully engineered smart contract exploit across different networks implementing KyberSwap pools. The exploit targeted the Avalanche, Polygon, and Ethereum networks, as well as layer-2 networks like Arbitrum, Optimism, and Base.
KyberSwap operates on the Kyber Network, a blockchain-based liquidity hub that facilitates the aggregation of liquidity across various blockchains. By eliminating the need for intermediaries, KyberSwap enables the seamless exchange of tokens. The central purpose of Kyber Network is to enhance liquidity and streamline token swaps for users across different blockchain ecosystems.
The hack against KyberSwap has led to a contentious negotiation process between the exploiters and the exchange. Both parties have taken aggressive stances, with threats and legal action looming over the discussions. The recovery of a portion of the stolen funds and the initiation of a public bounty program demonstrate KyberSwap’s commitment to resolving the issue. However, the outcome of the negotiations remains uncertain, and the extent of the recovered funds is still unclear. Only time will tell how the situation unfolds and whether a mutually acceptable resolution can be reached.