- KyberSwap is yet to get back the $7 million that was stolen on November 22.
- The decentralized exchange has offered a 10% bounty to the hacker in a bid to get the funds back.
- Security firm Beosin unveils the intricacies of the exploit, attributing the attack to a vulnerability in Kyber’s liquidity pools.
Following the $47 million KyberSwap hack on November 22, the decentralized exchange protocol has made a bold move in an attempt to recover the funds.
The protocol has offered a bounty in a bid to encourage the hacker to return the stolen assets.
Incentive for the hacker
In response to an on-chain message left by the perpetrator, KyberSwap has offered a 10% bounty (amounting to $4.7 million) to the hacker who executed the exploit.
The hacker had hinted at negotiations with the KyberSwap team, stating, “Dear Kyberswap Developers, Employees, DAO members, and LPs, negotiations will start in a few hours when I am fully rested. Thank you.”
KyberSwap’s co-founder, Victor Tran, conveyed a straightforward ultimatum in an on-chain message, presenting the hacker with a choice: return the funds or “stay on the run.” The bounty offer is contingent on the hacker returning the remaining 90% of the stolen funds to a specified address by 6 am UTC on November 25.
The KyberSwap attack
The attack targeted KyberSwap’s Elastic pools, exploiting a vulnerability related to the tick interval boundaries on Kyber’s liquidity pools. Security firm Beosin revealed that the flaw allowed the hacker to artificially double the liquidity, draining $47 million across various blockchains, including Arbitrum, Ethereum, Optimism, Polygon, and Base.
The incident underscored the persistent challenges and security risks in the decentralized finance (DeFi) space. KyberSwap’s proactive approach of offering a bounty is aimed at mitigating the impact of the exploit and ensuring that liquidity providers are compensated for their losses.
The situation remains fluid as the hacker has not responded to the bounty proposal, maintaining silence since the attack on November 22.