“Despite” legal threats from the project, the KyberSwap hacker has made a series of new demands and even demanded to take control of the entire company.
KyberSwap Hacker "Arrogantly" Claims Control of the Company
On the evening of November 30, 2023, the cryptocurrency community was once again "buzzed" with new information related to the "drama" of hacker KyberSwap and the project management team because of "arrogant" negotiation offers.
The specific story of the incident is as follows: When the attack was completed via flash loan, causing a loss of 47 million USD to the KyberSwap DEX on November 23, 2023, the management team "promised" a 10% bug bounty reward if the hacker returned the money . But when the refund deadline passed, Kyber continued to put pressure by threatening to contact law enforcement and cybersecurity agencies to report the incident in preparation for tracking down the attacker.
As of November 29, 2023, the hacker has responded to Kyber Network, but has not officially made a decision on the incident, and is expected to make a request on November 30 (UTC).
As promised, on the evening of November 30, 2023, the hacker officially submitted his negotiation proposal, but the content of it included many "unexpected" requests, most notably demanding control of the entire Kyber Network.
Content of the negotiation proposal message sent by KyberSwap hacker to the project management board on the evening of November 30, 2023
Specifically, the KyberSwap hacker's requests are as follows:
- Complete operational control over Kyber Network.
- Temporary authority to KyberDAO to make governance changes.
- All documents and information relating to the formation, structure, operations, revenues, profits, expenses, assets, liabilities, investors, salaries, etc. of the company/protocol.
- Surrender all Kyber on-chain and off-chain assets, including: shares, Capital , Token (KNC and non- KNC), partnerships, blogs, websites, servers, passwords, code, social media accounts, and any Kyber intellectual property.
If Kyber Network meets the above requirements, in return, the hacker will give the following "incentives":
- The company will be acquired at a reasonable valuation.
- All employees will receive double their current salaries. Employees who do not want to stay will receive 12 months of severance pay with full benefits and assistance in finding a new job.
- Under the hacker's stewardship, Kyber will undergo a complete makeover. It will no longer be the 7th most popular DEX, but instead a completely new crypto project.
- LP (LPs) will be reimbursed 50% for their recent market making activity.
The deadline for the “Kyber pact” that the hacker gave the project team to meet is before December 10, 2023. After the deadline, the agreement will be canceled, all the money from the attack will obviously “stay” in the hacker’s pocket, meaning the Kyber Network team will not receive any money.
Immediately after the "ultimatum" from the hacker, Kyber Network CEO Victor Tran also "retaliated" with the statement "no one cares about Kyber users as much as the current team". At the same time, he promised to respond to the hacker's message on December 1, 2023 .
No one fucking cares about Kyber users like we do. You deserve the best. Message tomorrow @KyberNetwork .
— Victor Tran (@vutran54) November 30, 2023
It can be seen that this is XEM one of the most complex and sophisticated hacks in history. At the time of the hack, the attacker had "sown" hope by leaving a message ready to negotiate after enough rest. However, up to now, the more "agreements" the more disappointed, the hacker has not yet made any moves to cooperate with the project because he said he "did not like the threatening tone of the management team demanding money".
DeFi insurance firm Sherlock also Chia its sympathies with Kyber Network, highlighting the rigors and difficulty of finding the vulnerability.
However, in its announcement, Sherlock said that Kyber did not register for the insurance program, which resulted in no compensation after this incident. The unit also corrected that the compensation was very small compared to the current $54.7 million in damages.
Sherlock is extremely disappointed to see the @KyberNetwork exploit and is fully engaged in assisting Kyber.
— SHERLOCK (@sherlockdefi) November 25, 2023
The hack is one of the most complex exploits ever seen in DeFi but this does not absolve Sherlock from responsibility.[1]
For background, the Kyber team stands out as a… pic.twitter.com/dBnRECMs3T
KNC price is currently trading around $0.72, overall not too volatile with the latest news related to the hack "drama".
1h chart of KNC/ USDT pair on Binance exchange at 09:10 PM on 11/30/2023
Coin68 synthesis
Join the discussion about the HOTTEST issues of the DeFi market in the Fomo Sapiens chat group with Coin68 admins!!!
