KyberSwap DEX Hacker Makes Bizarre Threats, Demands Total Control
- KyberSwap’s hacker has demanded total control over the Kyber company and its associated assets.
- The ultimatum follows a series of back-and-forth messages between Kyber and the hacker.
- Kyber is yet to comment on the situation and has involved law enforcement.
The hacker responsible for stealing USD $46 million (AUD $70 million) from the decentralised exchange (DEX) KyberSwap has sent another message to the platform’s executives via an Ethereum transaction. In a strange twist of events, the attacker is attempting to frame themselves as rational and a good Samaritan, while depicting the KyberSwap development team as the bad actors. The message reads:
“This is my best offer. This is my only offer. I require my demands to be met by December 10, otherwise, the treaty falls through. […] To assist with transition of leadership, I may be contacted on telegram […] Thank you, -Kyber Director”
Demand For Total Control
At the crack of noon on November 30, the hacker’s demands for relinquishing the stolen assets came through – and they were wilder than anyone could have predicted.
It appears the attack may have been targeted, rather than an opportunistic money-grabbing scheme, as the hacker’s proposed treaty essentially demands that the current KyberSwap management team dissolve.
The hacker desires:
- Complete executive control over Kyber (the company).
- Full control over the governance mechanism (KyberDAO) to “enact legislative changes”.
- All relevant company documents.
- Surrendering of all Kyber company assets, which the hacker will supposedly pay a “fair price for”.
Again, the hacker’s attempts to make out that they are the reasonable party in this situation, while demanding total control over the Kyber company, are quite bizarre.
Hacker Used Infinite Money Glitch
The KyberSwap exploit occurred on November 22 due to what’s called an infinite money glitch. It is essentially a smart contract bug that was manipulated to create millions of dollars’ worth of cryptocurrency across the Avalanche, Polygon and Ethereum blockchains (as well as some other L2 protocols).
Thanks to the use of front-running bots – programs that can intercept blockchain transactions before they are confirmed – KyberSwap officials have already reclaimed about 10% of the stolen bounty from liquidity pools.