The decentralized exchange KyberSwap has offered a 10% bounty to the attacker who stole $46 million on November 22 and left a note offering to negotiate.
The exchange requires the return of 90% of the stolen funds by 6 a.m. UTC on November 25. KyberSwap informed users on November 23 that KyberSwap Elastic, its liquidity solution, had been compromised and recommended that they withdraw their funds.
On November 22, the attacker took approximately $4 million in Arbitrum (ARB) tokens, $7 million in wrapped Lido-staked Ether (wstETH), and $20 million in wrapped Ether (wETH).
The hacker then siphoned the funds across numerous chains, including Polygon, Arbitrum, Optimism, and Ethereum.
After concealing the stolen funds, the hacker wrote an on-chain message to KyberSwap developers, employees, decentralized autonomous organization members, and liquidity providers:
“Negotiations will commence in a few hours, once I have fully rested.” After a day of silence on both ends, KyberSwap responded, asking the hacker to refund 90% of the stolen funds in exchange for a bounty.
The team said it extended the proposition in recognition of the hacker’s expertise. “You remain on the run,” stated KyberSwap, if the hacker does not return the funds or provide a response by 6 a.m. UTC on November 25.
The team and the attacker may also correspond further by email.
A decentralized finance (DeFi) expert’s analysis of the recent KyberSwap breach indicates that the attacker exploited an “infinite money glitch” to siphon off funds.
Doug Colkitt, the founder of the Ambient exchange, explained that the KyberSwap attacker executed the attack using a “complex and meticulously engineered smart contract exploit.”
The attacker then repeated this exploit against additional KyberSwap pools spanning multiple networks, ultimately escaping with crypto assets worth $46 million.