KyberSwap Hack: Math helped hacker steal $47 million

Representatives of the exchange urged users to withdraw funds immediately.

Representatives of the decentralized exchange KyberSwap on November 23 reported on the hacking of the Elastic Pools liquidity pool, as a result of which the hacker withdrew about $47 million. The project team recommends that users withdraw funds immediately.

The hack was discovered by a user under the pseudonym Spreek, who indicated a suspicious withdrawal of funds. According to his calculations, the stolen assets include $7.5 million in Ethereum, $15 million in Optimism, $16 million in Arbitrum, $2.8 million in Polygon and $870,000 in Base.

The hacker left a message attached to the transaction, promising to start negotiations in a few hours. "Dear KyberSwap developers, employees, DAO members and partners, negotiations will begin in a few hours when I am fully rested. Thank you," the intruder said in the message.

Cinneamhain Ventures General Partner Adam Cochran suggests that the hacker used flash loans and mathematical calculations to break in, since each transaction began with the receipt of ETH to pay for the swap.
 
The attacker behind the hack of the decentralized exchange KyberSwap demanded the transfer of all assets and documents of the project, including shares and tokens.

New development on the @KyberNetwork exploit: https://t.co/fkaiyVQ0d4 pic.twitter.com/oF5GdRgMbb
— PeckShield Inc. (@peckshield) November 30, 2023

We are talking about both on-chain and off-chain property, he said.

On November 23, the hacking of the Elastic Pools liquidity pool became known, as a result of which the hacker withdrew about $47 million from the protocol. At the end of the transaction, he left a message about his intention to start negotiations "in a few hours."

Later, the decentralized autonomous organization that manages KyberSwap turned to the attacker with a proposal to return most of the funds for a reward by November 25.

A week later, the hacker responded by putting forward the "only and best" conditions mentioned above.

When they are implemented, he pledged to double the salaries of employees. For those who decide to leave the project, the hacker is ready to provide a 12-month severance package with full benefits and help in finding a new job.

According to his plan, liquidity providers will be able to count on a 50% refund of funds. The attacker admitted that this is "not something that could suit them, but more than they deserve."

"Token holders, your assets will lose value. Isn't that enough? I'll go even further. Under my leadership, Kyber will undergo a complete overhaul. This will no longer be the seventh most popular DEX, but rather a completely new cryptographic project," the hacker wrote.

He offered top managers a buyout "at fair value." The hacker noted that the latter "did nothing wrong and they were just unlucky because of a mistake made — rounding in the wrong direction."

The attacker set December 10 as the deadline. If the conditions are not met at the end of the time limit, he will consider the agreement failed. The hacker left his contacts in Telegram.

Earlier, the KyberSwap team warned about fake compensation.
 
The team of the decentralized exchange KyberSwap will offer grants from the project Treasury to users affected by the November hack for $48.8 million.

In relation to the KyberSwap Elastic incident that transpired from 22 November 2023, 10:54:09 PM UTC, resulting in the exploitative swaps by the exploiter that drained approximately $48.8 million of users’ funds from KyberSwap Elastic liquidity pools, we reiterate our unwavering…
— Kyber Network (@KyberNetwork) December 1, 2023

According to initial reports, Elastic Pools' liquidity pool losses totaled about $47 million in cryptocurrencies.

According to KyberSwap, customers independently assumed the risks of using the decentralized protocol. However, the team decided to support the victims.

"We plan to provide users with grants from the KyberSwap Treasury to ease the losses caused by the exploit," the report says.

Payments will be made in the amount "not exceeding the value of funds in US dollars at the time of their withdrawal from the account," the team stressed. It is working on the details of the proposal and will disclose more detailed information about grants within two weeks.
 
Victor Tran, CEO and co-founder of the decentralized exchange KyberNetwork, announced a 50% reduction in staff due to the recent $50 million hack of the KyberSwap protocol.

Victor Tran lamented the drastic reduction in staff needed to reallocate resources. Tran called them dedicated, honest and talented personnel who have greatly contributed to the development of the DeFi industry. To support departing team members, KyberSwap management has created a dedicated employee database, encouraging others in the Web3 sector to consider collaborating with these professionals.

KyberNetwork noted that despite the withdrawal of assets from the liquidity pools of the Elastic platform, the exchange is still operating steadily. In addition, the platform is about to launch an API solution called Zap, expanding access to decentralized finance (DeFi) liquidity protocols. Tran emphasized that KyberSwap will support affected users through the KyberSwap Elastic Exploit program, covering up to 100% of losses. However, KyberSwap has temporarily suspended initiatives on the liquidity protocol and the KyberAI project.

Let us recall that the hacker who hacked KyberSwap was offered a reward of 10% of the stolen funds. However, the attacker did not want to resolve the conflict peacefully. He demanded full control over the site and access to bank accounts.
 