Main page » Blockchain News » KyberSwap hacker offers $4.6M bounty for return of $46M loot
Blockchain News

KyberSwap hacker offers $4.6M bounty for return of $46M loot

KyberSwap hacker offers $4.6M bounty for return of $46M loot

The decentralized exchange KyberSwap has announced a 10% bounty reward for the hacker who stole $46 million on Nov. 22 and left a note of negotiation. The exchange is requesting 90% of the loot to be returned by 6 am UTC on Nov. 25.

On Nov. 23, KyberSwap alerted users that its liquidity solution, KyberSwap Elastic, was compromised and advised them to withdraw funds. On Nov. 22, the hacker made away with roughly $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB) tokens. The hacker then transferred the stolen assets across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.

KyberSwap hacker shared his openness to negotiate a compromise. Source: etherscan.io

After concealing the stolen funds, the hacker left an on-chain message directed to KyberSwap developers, employees, decentralized autonomous organization members, and liquidity providers, stating, “Negotiations will start in a few hours when I am fully rested.”

KyberSwap team responded to the hacker and offered a 10% bounty. Source: etherscan.io

Following a day’s silence from both ends, KyberSwap responded to the hacker requesting the return of 90% of the stolen funds. The team acknowledged the skills of the hacker and laid down an offer:

“On the table is a bounty equivalent to 10% of users’ funds taken from them by your hack, for the safe return of all of the users’ funds. But we both know how this works, so lets cut to the chase so you and these users can all get on with life.”

If the hacker fails to pay back or respond to KyberSwap by 6 am UTC, Nov. 25, “you stay on the run,” said KyberSwap. The team is open to further discussion with the hacker via email.

Related: KyberSwap announces potential vulnerability, tells LPs to withdraw ASAP

A decentralized finance (DeFi) expert’s analysis of the recent KyberSwap hack suggests that the attacker exploited an “infinite money glitch” to drain funds.

Ambient exchange founder Doug Colkitt explained that the KyberSwap attacker relied on a “complex and carefully engineered smart contract exploit” to carry out the attack.

The attacker then repeated this exploit against other Kyberswap pools on multiple networks, eventually getting away with $46 million in crypto loot.

Magazine: This is your brain on crypto: Substance abuse grows among crypto traders