• KyberSwap, a decentralized cryptocurrency exchange, is negotiating a 10% bounty with a hacker who stole $50 million, aiming to return the remaining funds to users.
• The hacker, who executed a complex smart contract exploit, has yet to respond to the bounty offer and remains inactive since the attack.

Negotiating Recovery After a Major Crypto Heist

KyberSwap, a decentralized exchange (DEX), has been thrust into the spotlight after falling victim to a sophisticated hacking attack. In an unprecedented move, the decentralized autonomous organization (DAO) overseeing KyberSwap has initiated negotiations with the hacker, offering a 10% bounty in hopes of recovering the stolen assets.

The $50 Million Hack and Bounty Offer

On November 22, KyberSwap suffered a significant security breach, resulting in the loss of $50 million. In response, the DAO has proposed a solution that could see the return of the majority of stolen funds. They have offered the hacker a 10% bounty of the total amount stolen, equating to $5 million, in exchange for the safe return of 90% of the funds to their rightful owners.

The DAO’s message to the attacker, sent through the exploited wallet address, acknowledges the complexity of the hack, referring to it as a “high EV” (expected value) move. The KyberSwap team has set a deadline for the return of the funds, urging the hacker to transfer 90% of the stolen amount to a specified crypto wallet address by 6 am UTC on November 25.

Pursuing a Resolution

The team’s approach includes an option for the hacker to contact them directly and anonymously via email if they wish to settle the bounty bid privately. This method aims to provide a secure and discrete channel for negotiations, hoping to facilitate the recovery of the stolen funds.

Analysis of the Hack

The hacking incident has garnered attention for its complexity and the method used to exploit KyberSwap’s system. Doug Colkitt, the founder of Ambient exchange, described the attack as one of the most elaborate and well-engineered smart contract exploits in recent memory. The hacker reportedly leveraged an “infinite money glitch” and exploited KyberSwap’s unique liquidity implementation, tricking the system into believing it had more liquidity than available.

The attack targeted KyberSwap’s liquidity pools (LPs), causing a drastic reduction in its total value locked (TVL), from approximately $80 million to a current standing of $7.78 million.

Awaiting the Hacker’s Response

As of now, the hacker has remained silent since their last communication on November 22, where they mentioned resting before starting negotiations. The crypto community and KyberSwap await the hacker’s response to the bounty proposal, hoping for a resolution that minimizes the impact on affected users and restores confidence in the platform.