The hacker responsible for the assault on the KyberSwap decentralized exchange (DEX), transferred $2.5 million worth of stolen digital assets from Arbitrum to Ethereum blockchain.
Blockchain analytics firm PeckShield disclosed transactions originating from the wallet address of the KyberSwap assailant on February 26. According to blockchain data, the intruder transferred 798.8 Ether, valued at nearly $2.5 million, from the Arbitrum network to the Ethereum network.
In addition to transferring $2.5 million, the intruder moved nearly one million of stablecoins. The exploiter, with one wallet, transferred $826,500 in DAI (DAI) stablecoin to another wallet.
KyberSwap constituted one of the most extensive breaches of 2023. The DEX notified its users on November 23 that a “security incident” had occurred and recommended that they withdraw their funds.
An initial assessment revealed that the exploit resulted in the theft of approximately $46 million of digital assets. Nevertheless, upon further investigation, it came to light that the overall loss had nearly augmented to $49 million.
That day, the hacker informed the KyberSwap team via an on-chain message that negotiations would commence once he had “completely rested.” The KyberSwap team responded by presenting the assailant with a bounty of $4.6 million, contingent upon the restitution of 90% of the illicitly acquired funds.
Nevertheless, the hacker’s growing discontent with KyberSwap’s methodology precipitated a deterioration in the bounty negotiations. The hacker threatened the KyberSwap team with further postponement of negotiations on November 29 in an on-chain message wherein he or she warned of “unfriendliness” and legal action if the team persisted in their threats.
Unexpectedly, the intruder demanded complete authority over the KyberSwap organization and its assets. Additionally, the hacker requested provisional complete control and ownership of KyberDAO, the governance framework for Kyber, and all associated documents. Before the “treaty fell through,” the hacker granted the organization until December 10 to decide.
Following the hacker’s requests, the KyberSwap team initiated treasury grants supporting the compromised individuals. The team declared on December 2 that it would provide a grant to individuals who suffered unrecovered financial losses due to the exploit. A month after the exploit, the organization reduced its personnel by half as a significant consequence of the breach.