{"id":87724,"date":"2023-11-30T18:11:04","date_gmt":"2023-11-30T16:11:04","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=87724"},"modified":"2025-09-13T13:38:15","modified_gmt":"2025-09-13T10:38:15","slug":"hacker-behind-kyberswap-breach-demands-full-control-over-the-project","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-behind-kyberswap-breach-demands-full-control-over-the-project\/","title":{"rendered":"Hacker behind KyberSwap breach demands full control over the project"},"content":{"rendered":"<p>The hacker behind the decentralized exchange KyberSwap demanded the transfer of all project assets and documents, including equity and tokens.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">??? New development on the <a href=\\\"https:\/\/twitter.com\/KyberNetwork?ref_src=twsrc%5Etfw\\\">@KyberNetwork<\/a> exploit: <a href=\\\"https:\/\/t.co\/fkaiyVQ0d4\\\">https:\/\/t.co\/fkaiyVQ0d4<\/a> <a href=\\\"https:\/\/t.co\/oF5GdRgMbb\\\">pic.twitter.com\/oF5GdRgMbb<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1730204247583842787?ref_src=twsrc%5Etfw\\\">November 30, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>He noted that it concerns both on-chain and off-chain ownership.<\/p>\n<p>News of the Elastic Pools liquidity pool hack, through which the hacker withdrew about $47 million from the protocol, <a href=\"https:\/\/forklog.com\/en\/news\/hacker-drains-kyberswap-elastic-pools-of-about-47-million\">was revealed<\/a> on 23 November. In the transaction he left a message signaling his intention to start negotiations \u201cwithin a few hours\u201d.<\/p>\n<p>Later, the KyberSwap <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-dao-decentralised-autonomous-organisation\">decentralized autonomous organization<\/a> appealed to the attacker with an offer to return most of the funds by 25 November in exchange for a reward.<\/p>\n<p>A week later, the hacker responded, proposing the aforementioned \u201csole and best\u201d terms.<\/p>\n<p>If implemented, he pledged to double employees\u2019 salaries. For those who choose to leave the project, the hacker said he would provide a 12-month severance with full benefits and help in finding new work.<\/p>\n<p>Under his plan, liquidity providers would be entitled to recover 50% of the funds. The attacker acknowledged that this was \u201cnot what would satisfy them, but more than they deserve.\u201d<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p><em>\u201cToken holders, your assets will lose value. Isn\u2019t that enough? I will go further. Under my leadership Kyber will undergo a complete restructuring. It will no longer be the seventh most popular <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-decentralised-exchange-dex\">DEX<\/a>, but rather a completely new cryptographic project,\u201d<\/em> the hacker wrote.<\/p>\n<\/blockquote>\n<p>He offered top executives a \u201cfair value\u201d buyout. The hacker noted that the latter \u201cdid nothing wrong and were simply unlucky due to a misstep\u2014the rounding in the wrong direction\u201d.<\/p>\n<p>The hacker set December 10 as a deadline. If the terms are not met by then, he will deem the agreement a failure. The hacker left his contacts on Telegram.<\/p>\n<p>Earlier, the KyberSwap team warned about fake compensation offers.<\/p>\n<p>Earlier, in November, an unknown individual withdrew <a href=\"https:\/\/forklog.com\/en\/news\/hacker-siphons-off-25-million-from-kronos-research-platform\">$25 million<\/a> in cryptocurrencies from the Taiwanese trading platform Kronos Research.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The hacker behind the decentralized exchange KyberSwap demanded the transfer of all project assets and documents, including equity and tokens.<\/p>\n","protected":false},"author":1,"featured_media":87725,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1416],"class_list":["post-87724","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-kyber-network"],"aioseo_notices":[],"amp_enabled":true,"views":"29","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=87724"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87724\/revisions"}],"predecessor-version":[{"id":87726,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87724\/revisions\/87726"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/87725"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=87724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=87724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=87724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}