The decentralized trade KyberSwap has supplied a ten% bounty reward to the hacker who stole $46 million on Nov. 22 and left a word of negotiation. The trade needs 90% of the loot returned by 6am UTC on Nov.25.
On Nov. 23, KyberSwap alerted customers that its liquidity answer, KyberSwap Elastic, was compromised and suggested them to withdraw funds. Within the meantime, on Nov. 22, the hacker made away with roughly $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH) and $4 million in Arbitrum (ARB). The hacker then siphoned the loot throughout a number of chains, together with Arbitrum, Optimism, Ethereum, Polygon and Base.
After hiding the stolen funds, the hacker wrote an on-chain message directed to KbyerSwap Builders, Workers, DAO members and LPs, stating, “Negotiations will begin in a number of hours when I’m totally rested.”
Following a day’s silence from each ends, KyberSwap responded to the hacker requesting the return of 90% of the stolen funds. The staff acknowledged the talents of the hacker and laid down a proposal:
“On the desk is a bounty equal to 10% of customers’ funds taken from them by your hack, for the protected return of the entire customers’ funds. However we each understand how this works, so lets reduce to the chase so that you and these customers can all get on with life.”
If the hacker fails to pay again or reply to KyberSwap by 6am UTC, Nov. 25, “you keep on the run,” mentioned KyberSwap. The staff is open to additional dialogue with the hacker through e mail.
Associated: KyberSwap declares potential vulnerability, tells LPs to withdraw ASAP
A dissection of the latest KyberSwap hack by a decentralized finance (DeFi) professional means that the attacker used an ‘infinite cash glitch’ to empty funds.
Ambient trade founder Doug Colkitt defined the KyberSwap attacker relied on a “complicated and thoroughly engineered good contract exploit” to hold out the assault.
1/ Completed a preliminary deep dive into the Kyber exploit, and suppose I now have a reasonably good understanding of what occurred.
That is simply probably the most complicated and thoroughly engineered good contract exploit I’ve ever seen…
— Doug Colkitt (@0xdoug) November 23, 2023
The attacker then repeated this exploit towards different Kyberswap swimming pools on a number of networks, finally getting away with $46 million in crypto loot.
Journal: That is your mind on crypto: Substance abuse grows amongst crypto merchants
