$4.7 Million Returned to Kyperswap by Hacker

Reading Time: 2 minutes
  • Kyberswap has successfully recovered $4.67 million after a security attack led to a $50 million loss from its concentrated liquidity pools
  • The attack exploited vulnerabilities in Kyberswap’s Elastic pools across various blockchains, including Ethereum, Polygon, and Binance Smart Chain
  • Negotiations with front-running bot operators resulted in an agreement to return 90% of the funds with a 10% bounty incentive

Decentralized exchange Kyberswap has revealed that it has received almost 10% of the funds stolen in a recent hack following a deal with the hacker. The exchange lost nearly $50 million from its concentrated liquidity pools last week and instantly began negotiations with the hacker over the return of the funds, with the hacker allowed to keep 10%. This has resulted in $4.67 million coming back to the pools, with negotiations continuing over the rest of the stolen funds.

Bot Operator Takes Bounty

The hacking incident targeted Kyberswap’s Elastic pools, affecting funds across various blockchains, including Arbitrum, Optimism, Ethereum, Polygon, Binance Smart Chain, and Base. The attacker exploited a vulnerability linked to the tick interval boundaries in Kyber’s concentrated liquidity pools, allowing them to steal over $46 million in digital assets.

In response to the attack, Kyberswap engaged in negotiations with the operators of front-running bots responsible for extracting approximately $5.7 million in crypto from the protocol’s pools on the Polygon and Avalanche networks during the hack. These negotiations concluded on November 26, with the bot operators agreeing to return 90% of the funds to a specified Kyberswap address on the Polygon network, receiving a 10% bounty as a ‘reward’.

Talks Continue with Hacker

While this is a step in the right direction, there is clearly more work to be done in recovering the rest of the funds. Negotiations are believed to be ongoing with the main hacker, but progress in these talks appears to be limited at this point.

A bounty has also been offered to the hacker, with the team threatening to involve law enforcement if the dialogue comes to an unsatisfactory conclusion.