KyberSwap Announces Grants from Protocol Treasury to Aid Victims of Recent Exploit
The team behind KyberSwap announced that it would offer grants from the protocol’s treasury to victims of the recent exploit, aiming to provide monetary relief.
In a post on X (formerly Twitter), the team behind KyberSwap reiterates its unwavering commitment to supporting law enforcement and cybersecurity efforts to track down the exploiter and recover users’ funds.
In relation to the KyberSwap Elastic incident that transpired from 22 November 2023, 10:54:09 PM UTC, resulting in the exploitative swaps by the exploiter that drained approximately $48.8 million of users’ funds from KyberSwap Elastic liquidity pools, we reiterate our unwavering…
— Kyber Network (@KyberNetwork) December 1, 2023
The team discloses its intention to provide compensation to users who fell victim to the exploitative actions that drained users’ funds from the platform.
In a public statement, KyberSwap emphasized its dedication to supporting users during this challenging period and acknowledged the ongoing concerns of those who suffered losses due to the exploit.
The decentralized finance protocol suffered a substantial exploit on November 22, where an exploiter drained approximately $48.8 million from users’ funds in KyberSwap Elastic liquidity pools.
The team acknowledges the concerns of users, especially those facing hardships due to the exploit. Despite KyberSwap Elastic being a decentralized and permissionless protocol where users accept the risk, KyberSwap aims to ease the hardship faced by affected users.
As part of its commitment, KyberSwap plans to provide grants from the KyberSwap Treasury to users who lost funds in the exploit and have yet to recover them. The proposed grant is intended to be up to the USD value of the funds at the time of the exploit.
The details of this Treasury grant are currently being worked out, and KyberSwap will announce more information within the next two weeks. The company remains committed to transparency and supporting affected users during this challenging period.
KyberSwap Recovers $4.7 Million Following $48.8 Million Exploit; Hacker Demands Control Over Project
Investigations into the exploit have revealed that the vulnerability lay in the tick interval boundaries of KyberSwap’s concentrated liquidity pools. This flaw allowed an attacker to artificially inflate the liquidity, leading to a significant drain of funds. The hacker specifically targeted KyberSwap’s elastic pools, affecting funds across various blockchains such as Arbitrum, Optimism, Ethereum, Polygon, and Binance Smart Chain.
Initially, the loss was estimated at $47 million, but further analysis confirmed the higher figure of $48.8 million. In an attempt to recover the stolen funds, KyberSwap offered the hacker a 10% white-hat hacker reward in exchange for returning the funds. However, the hacker was not interested in accepting the reward and made other demands in a strange on-chain message, including asking the team for full control over the project.
Interestingly, KyberSwap has successfully recovered $4.7 million of the stolen funds, which were separately taken by third-party MEV bots during the hack. This partial recovery and the proposed Treasury grants reflect the platform’s proactive approach to addressing security breaches.
According to KyberSwap’s update, the recovered funds include 361.92 axl-wstETH ($870.5k), 441.8 WETH ($919k), 261.5 wstETH (~$624k), 711,430.9 WMATIC (~$547.8k), 443,011.6 USDT (~$443k), 385,630.7 USDC (~$385.6k), and 65,130 USDT (~$65.1k).
The team hasn’t yet responded to the explorer’s latest message on X and is presumably waiting to see the new treaty proposed by the hacker.
In a recent interview with the hacker, the attacker said that his goal was to buy KyberSwap cheaply.