KyberSwap and hackers troll each other in blockchain beef
The hacker responsible for siphoning off $46 million from the decentralized exchange protocol KyberSwap last week has pledged to release a statement on a potential deal with the victims on Nov. 30.
In a dramatic twist of events involving a multimillion dollar hack and executives behind the blockchain protocol KyberSwap, hackers have responded with an on-chain message addressed to KyberSwap executives, token holders, and liquidity providers, claiming that will not succumb to legal “threats.”
“I said I was willing to negotiate,” the hackers posted on Nov. 28. “In return, I have received (mostly) threats, deadlines, and general unfriendliness from the executive team. That’s ok, I don’t mind.”
“Under the assumption that I am treated with further hostility, we can reschedule for a later date, when we all feel more civil. You need only say the word,” they continued. “If not, we proceed as planned on Nov. 30.”
KyberSwap, known for its cross-chain decentralized exchange services, initially proposed a bounty deal with the hacker returning 90% of the stolen funds across all exploits while allowing the hacker to keep the remaining 10%, which would amount to $4.6 million.
However, the lack of immediate compliance from the hacker led KyberSwap to threaten legal action, prompting the bitter exchange.
In an on-chain message dated Nov. 25, KyberSwap alerted the hacker of their engagement with law enforcement and cybersecurity experts, warning of the consequences of not accepting the initial offer.
“So it’s better for you if you take the first offer from our previous message before law enforcement and cybersecurity track you down,” the KyberSwap team warned.
KyberSwap also told the hacker that they plan to launch a public bounty program, offering rewards to anyone who can provide information aiding law enforcement in arresting them and recovering user funds.
KyberSwap recovered $4.67 million
The team behind KyberSwap have said they have managed to recover $4.67 million from the $46 million exploit on Nov. 26.
This they said were from operators of front-running bots, which managed to extract around $5.7 million in crypto from KyberSwap pools on the Polygon and Avalanche networks.
The team has not yet replied to the latest message from the hacker on X, and details of any new agreement remain ominous.
Doug Colkitt, the founder of Ambient Exchange, explained that the hacker exploited a particular element of KyberSwap’s concentrated liquidity feature. This manipulation deceived the contract into acknowledging more liquidity than there actually was, effectively creating a situation akin to an “infinite money glitch.”
KyberSwap operates under the Kyber Network, a blockchain-based liquidity hub facilitating token exchanges across various blockchains without intermediaries.
The attack affected multiple networks including Avalanche, Polygon, Ethereum, and layer-2 networks like Arbitrum, Optimism, and Base.
Following the incident, KyberSwap experienced a drastic drop in its total value locked, plummeting over 91% from $84.9 million to $7.18 million, as per DefiLlama data.
TVL in KyberSwap following the incident | Source: DefiLlama
Speculations are rife in the user community with many suspecting the hacker to be the same individual responsible for the Indexed Finance attack, which, it should be noted, used crypto addresses connected to both incidents.