{"id":87478,"date":"2023-11-24T14:42:07","date_gmt":"2023-11-24T12:42:07","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=87478"},"modified":"2025-09-13T12:04:22","modified_gmt":"2025-09-13T09:04:22","slug":"kyberswap-offers-hacker-a-90-payout-to-return-most-of-the-funds","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/kyberswap-offers-hacker-a-90-payout-to-return-most-of-the-funds\/","title":{"rendered":"KyberSwap offers hacker a 90% payout to return most of the funds"},"content":{"rendered":"

The KyberSwap decentralized autonomous organization<\/a> (DAO) that runs the DEX KyberSwap reached out to the hacker with an offer to return most of the funds in exchange for a reward.<\/p>\n

\\\"Snimok-ekrana-2023-11-24-v-12.45.51\\\"
Data: Etherscan<\/a>.<\/figcaption><\/figure>\n
\n

“You have carried out one of the most sophisticated hacks. […] A reward on the table equivalent to 10% of the users’ funds withdrawn by you,” the message said.<\/p>\n<\/blockquote>\n

The DAO’s representatives set a deadline for the attacker \u2014 90% of the assets must be returned by 06:00 UTC on 25 November.<\/p>\n

The breach of the Elastic Pools liquidity pool, in which the hacker withdrew about $47 million from the protocol, became known<\/a> on November 23. He left a message in the transaction indicating his intent to begin negotiations “in a few hours”.<\/p>\n

According to Ambient founder Doug Colkitt, the attacker used “a complex and carefully crafted smart-contract exploit.”<\/p>\n

\n

2\/ First thing to note is this exploit is specific to Kyber’s implementation of concentrated liquidity<\/p>\n

There’s no reason to believe that other reputable concentrated liquidity dexes, like Ambient or Uniswap, are at risk from this exploit. (Though Kyber forks obviously are)<\/p>\n

\u2014 Doug Colkitt (@0xdoug) November 23, 2023<\/a><\/p><\/blockquote>\n