KyberSwap Hacker to Present Proposed Treaty for Stolen Fund’s Return

The mastermind behind the $47 million KyberSwap hack has declared intentions to present a proposal for the potential return of funds on November 30. However, this willingness comes with a caveat–namely, that such plans could be jeopardized if threats and hostilities from executives persist.

As per an on-chain message addressed to KyberSwap developers, employees, members of its Decentralized Autonomous Organization (DAO), and the affected liquidity providers, the individual, whose identity is unknown, appears to be positioning themselves as a negotiator, setting a date for the presentation of a proposed treaty for the return of the misappropriated funds. 

However, this strategic move adds an element of unpredictability to the situation, injecting a sense of urgency into the ongoing dialogue between the hacker and the Decentralized Exchange (DEX) protocol.

About the $47 Million Exploit

Meanwhile, the message from the attacker comes a few days after the protocol experienced an unauthorized wallet movement on its protocol that indicated the exchange had been infringed.

The loss is valued at approximately $47 million, inclusive of $20.7 million on Arbitrum, $15 million on Optimism, $7 million on Ethereum (ETH), $3 million on Polygon, and $2 million on Coinbase’s Base. Notably, the funds were siphoned from KyberSwap’s Elastic Pools liquidity solution.

As such, users were advised to withdraw their funds pending when the breach is addressed and fixed. Although the bad actor clearly stated that negotiations for the stolen funds will commence once he is fully rested.

Another $265k Siphoned from KyberSwap

Recall that in September 2022, KyberSwap’s frontend was exploited and the attackers stole about $ 265,000 worth of users’ funds. Upon detection of the suspicious activity, the team disabled the user interface to carry out an investigation into the cause of the frontend exploit.

As a result, the Ethereum-based on-chain liquidity protocol Kyber Network offered attackers of its DEX a 15% bounty reward in exchange for the stolen funds. According to the investigations, hackers discretely inserted a malicious code in its Google Tag Manager to initiate false approval. This allowed the hacker to transfer users’ funds to his address.

Eventually, Binance identified and reported two wallets linked to the theft. It is not clear yet what the outcome of the current investigation will be but users are advised to stay vigilant.

Other DeFi Attacks in the Cryptosphere

The Decentralized Finance (DeFi) sector has continued to suffer attacks from bad actors in the space. In what is described as the biggest DeFi attack, the Ronin Bridge lost $625 million to hackers earlier this year. The bridge resumed operations in June 2022, months after it halted activity due to the exploit.

Likewise, in a simple copy-and-paste instruction, a group of ethical hackers and other criminal groups exploited the Nomad Bridge. About $32.6 million worth of assets have since been returned after pleas from the bridge.