In an unprecedented ultimatum, the hackers behind the November KyberSwap attack insisted on taking full control of the project, including the confiscation of assets, files, and governance controls.
The hackers responsible for the $48 million KyberSwap theft have escalated their demands and now seek full executive control over the decentralized exchange (DEX).
The hackers revealed the updated requirements in an on-chain message sent on November 30.
They had previously expressed their willingness to negotiate a bounty, but complained about receiving threats from KyberSwap’s executive team on November 28 and a general lack of kindness.
Complete Takeover
The hackers’ latest demands include full control of KyberSwap and temporary and full ownership of the platform’s governance mechanism, KyberDAO. In addition, they ask for all documents related to the company’s structure, profits, revenues, assets, liabilities, and employees’ salaries. The attackers also insist on receiving all KyberSwap assets, both on-chain and off-chain.
In return, the hackers promised to buy shares in the company’s executives at a “fair valuation” and promised to double the salaries of employees who chose to stay after the acquisition. Those who choose to leave will receive 12 months of severance pay.
The message also outlines plans to give the Kyber project a “complete makeover” aimed at boosting the value of its tokens, which the hackers currently consider “worthless.” Liquidity providers (LPs) affected by the attack pledged to receive a rebate equal to 50% of their recent market-making losses.
The hackers have set a deadline for the KyberSwap team to meet these requirements by December 10 or the offer will be invalid. In addition, any proxy contact regarding hackers trading on KyberSwap would invalidate the proposed “treaty.”
The hacker’s unprecedented move has caused alarm and suspicion in the crypto community. It has also reignited the debate around the security of decentralized protocols and how to improve them.
KyberSwap has not responded
The DEX leadership team has yet to publicly respond to the latest news from the hackers.
KyberSwap initially came up with a bounty protocol that advised the hackers to return 90% of the stolen funds and keep the remaining 10%. However, since the hackers did not immediately comply, KyberSwap threatened to take legal action and claimed to have the attackers’ digital footprints to trace.
The DEX also announced a public bounty program to encourage the provision of information to arrest hackers and recover user funds.
KyberSwap has successfully recovered $4.67 million from the $46 million stolen, attributed to the actions of front-running bot operators on the Polygon and Avalanche networks.
Described as an “infinite money glitch” by decentralized finance expert Doug Colkitt, the vulnerability is a complex smart contract vulnerability across multiple networks, including Avalanche, Polygon, Ethereum, Arbitrum, Optimism, and Base.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
