The hackers responsible for the $48 million KyberSwap heist have now expanded their demands to include complete executive control over the decentralized exchange (DEX).
The hackers set out their updated demands in an on-chain message sent on November 30th.
They had previously expressed a willingness to negotiate a bounty, but on November 28 they complained of threats and general unfriendliness from KyberSwap management.
Complete acquisition
The hackers’ latest demands include full control of KyberSwap and temporary and full ownership of the platform’s governance mechanism, KyberDAO. They also ask for all documents related to the company’s structure, profits, revenue, assets, liabilities and employee salaries. The attacker also lays claim to all KyberSwap assets, including both on-chain and off-chain holdings.
In return, the hackers promise to buy out the company’s management at “fair value” and to double the salaries of any employees who choose to remain after the acquisition. Those who decide to leave will be offered a 12-month severance package.
The message also outlines plans for a “complete revamp” of the Kyber project, with the goal of increasing the value of tokens that the hackers currently deem “worthless.” Liquidity providers (LPs) affected by the attack are promised a rebate equal to 50% of their most recent market-making losses.
The hackers set a deadline of December 10th for the KyberSwap team to meet these demands, after which the offer would be invalidated. Additionally, contacting an agent regarding the hackers’ transactions on KyberSwap would invalidate the proposed “treaty”.
The hacker’s unprecedented move has sparked a mix of alarm and skepticism in the cryptocurrency community. It has also reopened the debate about the security of decentralized protocols and how to improve them.
KyberSwap has not responded yet
The DEX’s leadership team has yet to publicly respond to the hacker’s latest message.
KyberSwap initially offered a bounty deal under which the hackers would return 90% of the stolen funds and keep the remaining 10%. But when the hackers failed to immediately comply, KyberSwap threatened legal action and claimed it had the exploiters’ digital footprints to track.
The DEX also announced plans for a public bounty program to encourage information leading to the arrest of the hackers and recovery of user funds.
KyberSwap succeeded in recovering $4.67 million of the $46 million stolen. This was due to the actions of leading bot operators on the Polygon and Avalanche networks.
Described by decentralized finance expert Doug Colkitt as an “infinite funds glitch,” the attack was a complex smart contract exploit that spanned multiple networks, including Avalanche, Polygon, Ethereum, Arbitrum, Optimism, and Base.