The hacker responsible for the November 2023 KyberSwap attack was spotted on February 26 transferring nearly $2.5 million in cryptocurrency.
#PeckShieldAlert #KyberSwap Exploiter-labeled address bridged ~800 $ETH (worth ~$2.5m) from #Arbitrum to #Ethereum pic. .com/xTWO7lOLJY
— PeckShieldAlert (@PeckShieldAlert) February 26, 2024
According to an X post by blockchain analytics firm PeckShield, the hacker moved 798.8 Ether, valued at approximately $2.49 million, from Arbitrum to the Ethereum blockchain.
The hacker also transferred $826,500 of the Dai stablecoin to another wallet.
Understanding the 2023 KyberSwap Attack
The KyberSwap attack, which occurred on November 23, 2023, was one of the most notable DeFi hacks of the year.
Shortly after the attack began, KyberSwap informed its community of a “security incident,” urging users to withdraw their funds. It was initially reported that approximately $46 million in digital assets were taken, but subsequent investigations revealed a sum closer to $49 million.
The attack drew further headlines when the unidentified hacker left an on-chain message for the KyberSwap team, saying that they would be open to negotiations once “fully rested.” In response, KyberSwap offered the hacker a $4.6 million bounty in exchange for the recovery of 90% of the stolen funds.
However, the situation quickly deteriorated when the hacker threatened to delay negotiations if the KyberSwap team continued with its legal threats and its reportedly “unfriendly” approach.
The hacker then altered their demands, saying that they wanted complete control over KyberSwap and its assets. This included temporary full authority and ownership of KyberDAO, the governance mechanism for Kyber, along with all associated documents.
KyberSwap Is Still Returning Funds
In response to these demands, the KyberSwap team opted to initiate treasury grants for the victims of the hack. On December 2, 2023, the DEX announced grants for those who suffered losses in the exploit and had not recovered funds.
Treasury Grant Program Registration is now open for the following:
Type 1. Third Party Affected Users of DappOS, Pendle, Magpie & Equilibria
Type 2. Affected Users with Multisig/AA/Safe/Other Contract Affected Addresses
Type 3. Normal cases who missed the January 31 deadline https://t.co/NcOXlwq6PT— Kyber Network (@KyberNetwork) February 19, 2024
The treasury grants are still being distributed. The DEX announced last week that treasury grant program registration is now open for users of DappOS, Pendle, Magpie, and Equilibria affected by third-party events, users with addresses affected by Multisig/AA/Safe/Other Contracts; and normal cases, addressing those who missed the January 31 deadline.
KyberSwap faced substantial losses following the hack, with the company forced to reduce its workforce by 50% within a month of the incident.