KyberSwap Hacker Also Links $2.5 Million of Stolen Funds to Ethereum

A wallet address associated with the KyberSwap operator was observed transferring $2.5 million from Arbitrum to Ethereum.

The hacker behind the attack on the decentralized exchange (DEX) KyberSwap has been seen moving millions in digital assets from one blockchain to another. On February 26, blockchain analytics firm PeckShield released movements from a wallet address linked to the KyberSwap attacker. According to blockchain data, the hacker bridged approximately 798.8 Ether, worth around $2.5 million, from Arbitrum to the Ethereum network.

Besides the $2.5 million, the hacker also moved nearly $1 million in stablecoins. A wallet associated with the operator transferred $826,500 in DAI stablecoin to another wallet. The KyberSwap attack was one of the largest hacks of 2023. On November 23, the DEX warned its community of a security incident and advised users to withdraw their funds. Initially, it was revealed that about $46 million in digital assets were taken during the exploitation. However, it later emerged that the total amount lost was approximately $49 million.

The hacker also left a chain message for the KyberSwap team on that day, stating that negotiations would begin once he had fully rested. In response, the KyberSwap team offered the attacker a $4.6 million bounty in exchange for returning 90% of the stolen funds. However, as the hacker began to express dissatisfaction with KyberSwap’s approach, the bounty negotiations worsened. On November 29, the hacker sent a chain message threatening to further delay negotiations if the KyberSwap team continued its threats of legal action and what the hacker described as an unfriendly approach.

Ultimately, the hacker made an unexpected demand for full control of KyberSwap and all its assets. The hacker also demanded temporary full authority and ownership over KyberDAO, which serves as the governance mechanism for Kyber and all related documents. The hacker gave the company until December 10, 2023, to decide before the treaty would be destroyed. Following the hacker’s demands, the KyberSwap team decided to launch a treasury financial aid for the victims of the hack. On December 2, 2023, the team announced the extension of financial aid to those who had lost their capital in this exploit and had not been recovered. The hack also significantly impacted the company, reducing half of its workforce a month after the exploitation.