KyberSwap offers a 10% bounty to hacker who stole $47M

• KyberSwap is yet to get backmost the $7 cardinal that was stolen connected November 22.
• The decentralized speech has offered a 10% bounty to the hacker successful a bid to get the funds back.
• Security steadfast Beosin unveils the intricacies of the exploit, attributing the onslaught to a vulnerability successful Kyber’s liquidity pools.

Following the $47 cardinal KyberSwap hack connected November 22, the decentralized speech protocol has made a bold determination successful an effort to retrieve the funds.

The protocol has offered a bounty successful a bid to promote the hacker to instrumentality the stolen assets.

Incentive for the hacker

In effect to an on-chain connection near by the perpetrator, KyberSwap has offered a 10% bounty (amounting to $4.7 million) to the hacker who executed the exploit.

The hacker had hinted astatine negotiations with the KyberSwap team, stating, “Dear Kyberswap Developers, Employees, DAO members, and LPs, negotiations volition commencement successful a fewer hours erstwhile I americium afloat rested. Thank you.”

KyberSwap’s co-founder, Victor Tran, conveyed a straightforward ultimatum successful an on-chain message, presenting the hacker with a choice: instrumentality the funds oregon “stay connected the run.” The bounty connection is contingent connected the hacker returning the remaining 90% of the stolen funds to a specified code by 6 americium UTC connected November 25.

The KyberSwap attack

The onslaught targeted KyberSwap’s Elastic pools, exploiting a vulnerability related to the tick interval boundaries connected Kyber’s liquidity pools. Security steadfast Beosin revealed that the flaw allowed the hacker to artificially treble the liquidity, draining $47 cardinal crossed assorted blockchains, including Arbitrum,  Ethereum, Optimism, Polygon, and Base.

The incidental underscored the persistent challenges and information risks successful the decentralized concern (DeFi) space. KyberSwap’s proactive attack of offering a bounty is aimed astatine mitigating the interaction of the exploit and ensuring that liquidity providers are compensated for their losses.

The concern remains fluid arsenic the hacker has not responded to the bounty proposal, maintaining soundlessness since the onslaught connected November 22.