KyberSwap hacker opens door for negotiations after $45 million exploit

The KyberSwap hacker has shown a willingness to negotiate after exploiting the decentralized exchange for around $45 million, according to on-chain messages.

The attacker publicly messaged KyberSwap, stating negotiations would commence shortly after adequate “rest:”

“Dear Kyberswap Developers, Employees, DAO members, and LPs, Negotiations will start in a few hours when I am fully rested. Thank you.”

The hack

In a Nov. 23 statement, Kyber Network confirmed that KyberSwap, its flagship decentralized exchange product, was exploited for an undisclosed amount.

“As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we commit to keeping you informed with regular updates,” Kyber Network wrote.

However, blockchain security firm Cyvers Alerts estimated the theft to be around $45 million across different chains, including $20 million on Arbitrum, $15 million on Optimism, $7.5 million on Ethereum, $2 million on Polygon, and $315,000 on Base.

The firm added that the attacker was funded by the virtual cryptocurrency mixer Tornado Cash.

Cause of attack?

While the cause of the hack remains elusive, Adam Cochran, a partner at Cinneamhain Ventures, suggested that the attack was a “flash loans and some sort of math/rounding issue.” He added:

“Each [transaction] is starting with an Ethereum balance coming in, looped mint/redeem/swap.”

Doug Colkitt, the founder of Ambient Finance, a decentralized trading protocol, described the hack as “easily the most complex and carefully engineered smart contract exploit” he has ever seen.

In an extensive post on social media platform X (formerly Twitter), Colkitt explained:

“First thing to note is this exploit is specific to Kyber’s implementation of concentrated liquidity. There’s no reason to believe that other reputable concentrated liquidity dexes, like Ambient or Uniswap, are at risk from this exploit. (Though Kyber forks obviously are).”

Meanwhile, the theft significantly impacted the total value of assets locked on KyberSwap, plummeting to approximately $13.61 million from $84.9 million, as per Defillama data.

Additionally, Kyber Network’s native token, KNC, is down more than 2% in the reporting period to $0.72525 as of press time, according to CryptoSlate’s data.

Leave a Reply

Your email address will not be published. Required fields are marked *