Following the November 22 exploit of $46 Million from the decentralized exchange KyberSwap, a 10% bounty reward worth $4.6M has been offered to the hackers in return for the loot.
KyberSwap informed users on November 23 that KyberSwap Elastic, its liquidity solution, had been compromised and recommended that they withdraw their funds.
Subsequently, on November 22, the intruder acquired approximately $4 million in Arbitrum (ARB), $7 million in wrapped Lido-staked Ether (wstETH), and $20 million in Wrapped Ether (wETH). Arbitrum, Optimism, Ethereum, Polygon, and Base were among the chains through which the hacker subsequently siphoned the wealth.
The hacker wrote an on-chain message to KbyerSwap Developers, Employees, DAO members, and LPs, “Negotiations will commence in a few hours, once I have fully rested,” after concealing the stolen funds.
KyberSwap replied to the intruder after a day of silence in which he was expecting the return of 90% of the stolen funds. The group recognized the hacker’s expertise and extended the following offer:
“On the table is a bounty equivalent to 10% of users’ funds taken from them by your hack, for the safe return of all of the users’ funds. But we both know how this works, so lets cut to the chase so you and these users can all get on with life.”
“You stay on the run,” according to KyberSwap, if the hacker does not repay or respond to the transaction by November 25 at 6am UTC. By email, the group is receptive to additional dialogue with the perpetrator.
According to decentralized finance (DeFi) expert’s analysis of the recent KyberSwap breach, the perpetrator drained funds by exploiting an “infinite money glitch.”
Doug Colkitt, the originator of the Ambient exchange, explained that the KyberSwap attacker executed the attack using a “complex and meticulously engineered smart contract exploit.”
Subsequently, the assailant replicated this vulnerability against additional Kyberswap pools spanning multiple networks, ultimately escaping with crypto assets worth $46 million.
