KyberSwap offers 10% bounty to hacker following $47 million exploit

Crypto Ecosystems • November 24, 2023, 5:27AM EST
Published 1 minute earlier on
UPDATED: November 24, 2023, 7:29AM EST
The Block

Quick Take

  • KyberSwap offered a 10% bounty to the hacker who stole $47 million.
  • The team replied to an on-chain message previously left by the perpetrator.

Decentralized exchange protocol KyberSwap offered a 10% bounty to the hacker who executed an exploit leading to the loss of $47 million.

The attack, which occurred earlier this week, targeted KyberSwap’s Elastic pools, compromising funds across multiple blockchains including Arbitrum, Optimism, Ethereum, Polygon, and Base.

The perpetrator had previously left a message on the blockchain suggesting an interest in negotiating with the team. The message stated: “Dear Kyberswap Developers, Employees, DAO members, and LPs, negotiations will start in a few hours when I am fully rested. Thank you.”

Today, KyberSwap proposed a deal. In an on-chain message, the team offered an implied white hat bounty reward equal to 10% of the stolen funds (roughly $4.7 million) on the basis that the hacker returns the remaining 90% to a specified address by 6 am UTC on November 25.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Ultimatum to the attacker

In the message, KyberSwap co-founder Victor Tran said the hacker can return the funds or "stay on the run."

The bounty offer is part of KyberSwap’s efforts to mitigate the consequences of the incident and make liquidity providers whole. Security firm Beosin explained that the vulnerability that resulted in the attack was due to an issue with the tick interval boundaries on Kyber's liquidity pools. This enabled the hacker to artificially double the liquidity, which they were then able to drain.


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Tim Copeland at
[email protected]

More by Vishal Chawla