Following the $47 million KyberSwap hack on November 22, KyberSwap has taken a bold step to recover the funds. The decentralized exchange has offered the hacker a 10% reward in an attempt to get the funds back. The exploit has been explained in detail, with the attack blamed on a flaw in Kyber’s liquidity pools.
In response to the message the perpetrator left on the chain, KyberSwap has offered to pay a 10% bounty ($4.7 million) to the hacker responsible for executing the exploit. The hacker hinted at negotiations with the KyberSwap team, stating “Dear Kyberswap Developers, Employees, DAO members, and LPs, negotiations will start in a few hours when I am fully rested. Thank you.” KyberSwap’s co-founder, Victor Tran, left a message on the chain, giving the hacker the option to either return the money or “stay on the run.” The hacker is required to return 90% of the stolen funds by 6 am UTC on November 25.
The attack targeted KyberSwap’s Elastic Pools, exploiting a weakness related to the tick-interval boundaries on Kyber’s liquidity pools. By exploiting the vulnerability, the hacker was able to drain $47 million across various blockchains, including Arbitrum, Ethereum, Optimism, Polygon, and Base. This incident highlights the security and safety risks that exist in the Decentralized Finance (DeFi) sector. KyberSwap’s proactive approach of offering a bounty is aimed at mitigating the impact of the exploit and ensuring that liquidity providers are compensated for their losses. The situation remains fluid, as the hacker is still silent and has not responded to the bounty proposals.