Original - Odaily
Edit - 0xAyA
In the encryption world, regardless of the outcome of most stolen cases, the intentions of the attackers are surprisingly the same: only seeking money and not life. However, KyberSwap is facing a completely different opponent than before: the hacker claimed to be a director of Kyber and not only demanded control of Kybers property, but also took over control of the entire protocol and company. What is the purpose of this threat that goes beyond the pursuit of traditional personal economic interests? Is the hacker really one of Kyber’s directors? How can the agreement respond to various requirements?
The protocol is under attack, and the hackers are really drama experts
On November 23, KyberSwap suffered an attack. Cryptoassets worth approximately US$48 million were stolen, including the ETH mainnet, Base, and Arbitrum chains. Kyber’s official Twitter also issued a statement, stating that the team is working hard to investigate the situation and advise users Withdraw funds without clicking on any phishing links or replying to private messages.
After the complex and cumbersome attack worked, the hacker left a sarcastic statement and said, Lets have a good rest before negotiating.
In fact, in various protocol theft incidents, it has become a tacit understanding between hackers and project parties to resolve problems through negotiation - with the help of white hat teams and other channels, project parties are often able to locate the specific location of hackers. And identity, and hackers are also well aware of the truth behind the crime, so they are more willing to reasonably pocket part of the stolen funds in the form of selling personal favors or vulnerability detection fees.
Just last September, the KyberSwap front-end was attacked, and two addresses lost a total of US$265,000. The Binance security team stated on September 3 that it had identified two suspects who attacked KyberSwap. At that time, Kyber officially issued a statement that the attack If the attacker returns the funds through the centralized exchange before the specified time, he will receive a 15% bug bounty. After that, the attacker returns most of the funds and the matter comes to an end.
This time Kyber also proposed the same solution - KyberSwap issued a statement after the hacker left a negotiation message, providing a 10% bounty as an incentive to recover users stolen funds. The project team also stated that “this hacking attack is one of the most complex attacks in the history of DeFi, and the attacker needs to perform a series of precise on-chain operations to exploit this vulnerability.”
The lion opens his mouth, hackers want money but also life
Everything developed as expected. After the announcement, the hackers returned the funds on Polygon and Avalanche one after another. But when everyone thought that the theft case would eventually end with the return of most of the funds, something happened. Variety.
On November 29, the KyberSwap attacker posted a message on the chain saying: KyberSwap executives, employees, token holders and liquidity providers, I said I was willing to negotiate. However, what I received was (mostly) Threats, deadlines and generally unkind responses from the executive team. Thats okay, I dont mind. I have prepared a statement regarding our (potential) treaty. I plan to publish it on November 30th at noon UTC time . Assuming I continue to be treated with hostility, we can reschedule for a later date, when we both feel more amicable. You just have to say the word. If not, we will proceed as planned on November 30th.
The next day, the hacker published his statement on the chain and made specific demands: full executive control of the Kyber company; temporary full control of KyberDAOs governance mechanism to implement legislative changes; and a demand to hand over all company/protocol-related matters. documents and information. In addition, the hackers also demanded that the Kyber company hand over all on-chain and off-chain assets. The hackers said that once the demands are met, a series of compensation measures will be implemented for company executives, employees, token holders and investors. These include providing fair valued buyouts for executives, doubling employee salaries, providing 12 months of severance and comprehensive benefits to employees who do not want to stay, and guaranteeing the value of investor tokens. The hacker who calls himself Kyber Director emphasized that if his demands are not met before December 10, or if he is contacted by any agent of a sovereign country, the settlement agreement will collapse, and he even said: This is my final decision. A good offer and my only offer.”
Regarding this statement, Kyber co-founder and CEO Kyber Victor Tran expressed his attitude: It has been a few days since the exploit attack, and I am still fully committed to doing my best with the team to bring the attacker to justice. Everyone who knows me knows that I will not give up or stop supporting the efforts of all users to recover their funds. He also stated that it will be published on the Kyber Network official account tomorrow (December 1). Relevant statement.
Many community members left messages under this tweet to support Victors actions, and Justin Sun also expressed his support for Victor under this tweet.
The official statement comes and the incident comes to an end?
On December 1, the KyberSwap official account issued a statement, reiterating that it will unswervingly track down the attackers and recover the user funds taken from them. At the same time, it plans to use KyberSwap Treasury to pay everyone who has lost funds in the exploit and has not yet recovered them. Users are offered a subsidy up to 100% of the stolen funds. Details of the proposed financial allocations are being worked out and more information will be announced in the next two weeks.
VictorTran retweeted the statement and said that this kind of hack kills the enthusiasm and innovation of contributors and innocent users, hoping that KyberSwap is the last and only project to be affected by this kind of attack.
At present, there has been no further reaction from the hacker. As of press time, the price of KNC tokens was temporarily reported at $0.721, down 2.7% in the past seven days, with an amplitude of 10.8%.
In the vast majority of cases of cryptocurrency theft, the attacker’s motivation is usually simply the pursuit of wealth, without much consideration for other factors. However, the opponents faced by KyberSwap are completely different from before. These hackers not only pursue property control of KyberSwap, but also desire to gain control of the entire protocol and company. The demands made by the hackers make KyberSwap face unprecedented risks and challenges.
Although the motive of the hacker is still unclear, KyberSwap’s attitude is still very clear. They will continue to invest resources and energy to track down the attacker and strive to bring this matter to a successful end. In the ever-changing dark forest of the encryption world, security has always been an important issue. Both users and project parties need to be alert to meet the challenges.
This attack from hackers is by no means the first, nor will it be the last.