The hacker behind the November 2023 attack on decentralized exchange KyberSwap has been seen moving almost $2.5 million in crypto.
In an X post published on February 26, blockchain analytics firm PeckShield noted that the hacker moved 798.8 Ether (worth ~$2.49 million) from Arbitrum to the Ethereum blockchain.
#PeckShieldAlert #KyberSwap Exploiter-labeled address bridged ~800 $ETH (worth ~$2.5m) from #Arbitrum to #Ethereum pic.twitter.com/xTWO7lOLJY
— PeckShieldAlert (@PeckShieldAlert) February 26, 2024
The hacker also transferred $826,500 of the Dai stablecoin to another wallet.
KyberSwap Attack
The KyberSwap attack which occurred on November 23 last year was one of the most significant hacks of 2023. Shortly after the attack began, KyberSwap informed its community of a “security incident,” urging users to withdraw their funds. It was initially reported that approximately $46 million in digital assets were taken, but subsequent investigations revealed a sum closer to $49 million.
The attack drew further headlines when the unidentified hacker left an on-chain message for the KyberSwap team, saying that they would be open to negotiations once “fully rested.” In response, KyberSwap offered the hacker a $4.6 million bounty in exchange for the recovery of 90% of the stolen funds.
However, the situation quickly deteriorated when the hacker threatened to delay negotiations if the KyberSwap team continued with its legal threats and its reportedly “unfriendly” approach.
The hacker then changed his demands, saying that he/she wanted complete control over KyberSwap and its assets. This included temporary full authority and ownership of KyberDAO, the governance mechanism for Kyber, along with all associated documents.
KyberSwap Is Still Returning Funds
In response to these demands, the KyberSwap team opted to initiate treasury grants for the victims of the hack. On December 2, the DEX announced grants for those who suffered losses in the exploit and had not recovered funds.
The treasury grants are still being distributed. Last week, the DEX announced that treasury grant program registration was now open for users of DappOS, Pendle, Magpie, and Equilibria affected by third-party events, users with addresses affected by Multisig/AA/Safe/Other Contracts; and normal cases, addressing those who missed the January 31 deadline.
KyberSwap faced substantial losses following the hack, with the company forced to reduce its workforce by 50% within a month of the incident.