The KyberSwap decentralized autonomous organization (DAO) that runs the DEX KyberSwap reached out to the hacker with an offer to return most of the funds in exchange for a reward.
“You have carried out one of the most sophisticated hacks. […] A reward on the table equivalent to 10% of the users’ funds withdrawn by you,” the message said.
The DAO’s representatives set a deadline for the attacker — 90% of the assets must be returned by 06:00 UTC on 25 November.
The breach of the Elastic Pools liquidity pool, in which the hacker withdrew about $47 million from the protocol, became known on November 23. He left a message in the transaction indicating his intent to begin negotiations “in a few hours”.
According to Ambient founder Doug Colkitt, the attacker used “a complex and carefully crafted smart-contract exploit.”
2/ First thing to note is this exploit is specific to Kyber’s implementation of concentrated liquidity
There’s no reason to believe that other reputable concentrated liquidity dexes, like Ambient or Uniswap, are at risk from this exploit. (Though Kyber forks obviously are)
— Doug Colkitt (@0xdoug) November 23, 2023
Besoin experts estimated the exchange’s losses at about $48 million in various assets, “primarily including 16,217 ETH, 3,987,332 ARB, 591,441 OP and 1,111,926 DAI”.
On 22 November Justin Sun reported a hacker attack on HTX’s hot wallet and cross-chain bridge Heco Bridge. Experts estimate the damage at over $110 million.
Previously, Poloniex was hacked. Then Sun announced “successful identification and freezing of part of the assets linked to the hacker’s addresses”. He gave the latter a week to return the stolen funds for a reward of 5% of the amount, which amounted to about $6.25 million.
A few days later, Tron founder increased the reward for the hacker to $10 million.