KyberSwap exchange was hacked for US$48 million, but what's catching more attention is the hacker claiming to be a Kyber director. Not only demanding control over Kyber's assets, but also seeking authority over the entire protocol and company.
On November 23rd, KyberSwap encountered an attack where approximately US$48 million worth of crypto assets across the ETH mainnet, Base, and Arbitrum chains were stolen. The hackers left behind a taunting message saying, "Let's talk after a good rest."
Same Solution
Last September, KyberSwap's frontend was attacked, resulting in a combined loss of US$265,000 across two addresses. Binance's security team announced on September 3rd that they had identified two suspects involved in the KyberSwap attack. Kyber's official statement offered a 15% bug bounty if the attackers returned the funds through a centralised exchange within a specific timeframe. Subsequently, most of the funds were returned, and the incident was resolved.
And this time, Kyber has also proposed a similar solution. After hackers left negotiation messages, KyberSwap released a statement offering a 10% reward as an incentive to retrieve funds stolen from users.
They also stated,
"Stands out as one of the most sophisticated in the history of DeFi, noting that the attacker had to "execute a precise sequence of on-chain actions in order to exploit the vulnerability."
Actions and Requests on the Hacker
After the announcement was made, hackers successively returned the funds to Polygon and Avalanche. However, just when everyone thought the theft case would ultimately end with the return of most of the funds, things took a different turn.
On November 29th, the KyberSwap attacker released a message online stating the below picture.
The hacker gained complete operational control of Kyber Network, temporarily seized full governance of KyberDAO to implement legislative changes, and demanded all files and information related to the company and protocol. Additionally, hackers requested Kyber Network surrender all on-chain and off-chain assets.
Support Victor's Actions
Kyber's co-founder and CEO, Victor Tran, expressed his stance on X.
"It's been a few days since the exploit attack, and I finally have the time and bandwidth to communicate. I remain fully dedicated to doing everything in my power, alongside the team, to support efforts to bring the attackers to justice."
Many community members commented, showing support for Victor's actions. Justin Sun also expressed support for Victor in the comments under this tweet.
KyberSwap’s Official Announcement
On December 1st, the official KyberSwap account issued a statement reiterating its steadfast commitment to tracking down attackers and recovering user funds taken from them.
They also announced plans to offer compensation through the KyberSwap Treasury to users who suffered losses in the exploit and have not yet retrieved their funds, with a maximum reimbursement of 100% of the stolen funds. Details about the proposed financial allocation are currently being formulated and will be announced within the next two weeks.