The hacker responsible for extracting $47 million from decentralized exchange protocol KyberSwap last week outlined their demands in a bizarre on-chain message.
The attacker’s demands include full control over the company behind Kyber, “temporary” full control over the project’s governance mechanism (KyberDAO) to implement “changes in the law” and “all documents and information related to the formation, structure, operation and company/protocol revenue. , profits, expenses, assets, liabilities, investors, salaries, etc. They also demanded the surrender of all on- and off-chain assets, including stocks, shares, KNC
+
and other retained tokens, websites, servers, passwords, code, social channels and all intellectual property.
If the demands are met, the hacker said they will buy out company executives at a fair valuation, saying: “You have done nothing wrong. A small mistake was made, where the turn was made in the wrong direction; this one could have been made by anyone. Just bad luck.” The attacker said the salaries of remaining employees would be doubled, and those who did not want to stay would receive 12 months’ severance pay.
“Token holders and investors, under this treaty your tokens will no longer be worthless,” he continued. “Under my leadership, Kyber will undergo a complete makeover. It will no longer be the seventh most popular DEX, but rather an entirely new cryptographic project.”
Liquidity providers who deposited crypto assets into KyberSwap’s liquidity pools would also receive a 50% cut on losses incurred as a result of recent market-making activity, the attacker added – saying it was ‘more than you deserve’ .
Last offer
The attacker said this was their best and only offer. If the demands are not met by December 10, their “treaty deal” will fail.
The hacker also warned that if they were “contacted by agents of any of the 206 sovereignties” about their activities, the deal would be null and void and the rebates would be zero.
“Kyber is one of the original and longest-running DeFi protocols. No one wants to see it go under,” she added.
Following the message from the attacker, KyberSwap co-founder Victor Tran Posted on X: “Nobody cares about Kyber users as much as we do. You deserve the best. Tomorrow message.”
A $47 million exploit
The on-chain message comes about a week after $47 million was suspiciously removed from KyberSwap’s Elastic Pools liquidity solution and two days after the hacker promised to outline a possible deal.
KyberSwap advised all users to withdraw their funds immediately after the incident and later offered a 10% bounty to whoever was responsible for the exploit.
On Monday, the KyberSwap team said it had separately managed to recover $4.7 million in previously siphoned off funds.
The hacker has also been linked to an attack on Indexed Finance, an Ethereum-based project that was hacked for $16 million in 2021.
