KyberSwap Hacker Transfers $2.5M in Stolen Funds to Ethereum Network

The perpetrator of the attack on KyberSwap, a decentralised exchange (DEX), has been observed transferring significant amounts of stolen funds across different blockchains.

Blockchain analysis company PeckShield reported on February 26th movements from the wallet address associated with the KyberSwap attacker. Data from the blockchain indicates that the hacker shifted 798.8 Ether, valued at nearly $2.5 million, from Arbitrum to the Ethereum network.

In addition to the aforementioned $2.5 million, the hacker also transferred close to one million dollars in stablecoins. A wallet connected to the attacker moved $826,500 worth of the Dai stablecoin to another wallet.

Fund movements from the KyberSwap hacker’s wallet. Source: PeckShield

The KyberSwap breach stood out as one of the most substantial hacks of 2023. On November 23rd, the DEX notified its community of a “security incident” and recommended users withdraw their assets. Initially, it was reported that approximately $46 million in digital assets were compromised. However, it later surfaced that the total loss almost reached $49 million.

On that same day, the hacker left a message on-chain for the KyberSwap team, indicating negotiations would commence when they were “fully rested.” In response, KyberSwap offered the attacker a reward of $4.6 million in exchange for the return of 90% of the stolen assets.

However, the negotiation process took a negative turn when the hacker expressed dissatisfaction with KyberSwap’s approach. By November 29th, the hacker issued a threat via an on-chain message, stating negotiations would be further delayed if KyberSwap persisted in threats of legal action and perceived hostility.

Subsequently, the hacker surprised observers by demanding complete control over the KyberSwap company and all its assets. Additionally, the hacker requested temporary full authority and ownership of KyberDAO, the governance mechanism for Kyber, along with all related documents. The deadline set for the company to decide on these demands was December 10th, 2023, failing which the “treaty” would collapse.

In response to these demands, the KyberSwap team opted to initiate treasury grants for the victims of the hack. On December 2nd, 2023, the team announced plans to provide grants to those who suffered losses in the exploit and had not yet recovered their funds. The incident also had severe repercussions for the company itself, resulting in a 50% reduction in its workforce one month after the attack.