KyberSwap Hacker Moves Millions in Stolen Assets, Demand Control Over Company

Hacker behind KyberSwap attack shifts millions in digital assets. Demands control over company and assets after negotiations take hostile turn.

The individual responsible for the breach targeting the decentralized exchange (DEX) KyberSwap has been observed transferring substantial sums of digital assets across different blockchains.

As of Feb. 26, blockchain analysis company PeckShield disclosed movements from the wallet address associated with the KyberSwap attacker. Based on blockchain records, the culprit transferred 798.8 Ether (ETH), with an approximate value of $2.5 million, from Arbitrum to the Ethereum network.

Additionally, besides the $2.5 million, nearly one million dollars in stablecoins were also relocated. A wallet linked to the perpetrator moved $826,500 worth of the Dai (DAI) stablecoin to another wallet.

The assault on KyberSwap marked one of the most significant breaches of 2023. On Nov. 23, the DEX informed its community of a "security incident" and urged users to withdraw their assets. Initially, it was revealed that approximately $46 million in digital assets were siphoned during the attack. However, subsequent investigations revealed that the total losses nearly reached $49 million.

On the same day, the hacker left a message on-chain for the KyberSwap team, indicating that negotiations would commence once they were "fully rested." In response, the KyberSwap team proposed a bounty of $4.6 million to the attacker in exchange for the return of 90% of the stolen funds.

Nevertheless, the bounty negotiations took an unexpected turn when the hacker expressed dissatisfaction with KyberSwap’s approach. On Nov. 29, the hacker issued an on-chain threat, warning the team of further delays in negotiations if they persisted with threats of legal action and what the hacker perceived as hostility.

Subsequently, the hacker made a surprising demand, insisting on complete control over the KyberSwap company and all its assets. Additionally, the hacker requested temporary full authority and ownership over KyberDAO, the governance mechanism for Kyber, along with all related documents. The hacker set a deadline of Dec. 10, 2023, for the company to respond before considering the "treaty" null and void.

In response to the hacker’s demands, the KyberSwap team opted to initiate treasury grants for the victims of the breach. On Dec. 2, 2023, the team announced the implementation of grants for those affected by the exploit and whose funds had not been recovered. The incident also had a significant impact on the company, leading to a 50% reduction in its workforce a month after the breach.