The recent incident involving KyberSwap has caught the attention of the entire crypto community. A hacker managed to breach the platform’s defenses, resulting in a theft of $46 million. However, the most striking aspect is the unusual conditions the hacker set for the return of the funds.
The hacker, through an on-chain message on November 30, made it clear that their main demand is to gain “complete executive control” over the KyberSwap company. This would include both on-chain and off-chain assets, encompassing stocks, stakes, and tokens of the company. Specifically, the hacker seeks temporary full authority and ownership of KyberDAO, Kyber’s governance mechanism, along with the delivery of all documents related to the company.
The Hacker’s “Generous” Proposals For KyberSwap
In an unprecedented move, the hacker proposes a kind of “purchase” of the company. They commit to buying KyberSwap executives at a fair valuation and wish them success in their future endeavors. Additionally, they offer to double the salaries of employees under their new management regime. Although some employees may choose not to stay, they are guaranteed a 12-month severance with full benefits and assistance in finding new job opportunities.
The hacker also mentions benefits for token holders and investors during this transition. They promise that tokens will no longer be considered worthless and propose a complete transformation of KyberSwap under their leadership, aiming to change its position as the seventh most popular DEX and turn it into an entirely new project.
For liquidity providers, the hacker offers royalties for their recent market-making activity. These royalties would represent 50% of the losses incurred. Although the hacker acknowledges that this offer may seem insufficient to some, they claim it is more than they deserve.
The KyberSwap team now faces the difficult decision of complying with these unorthodox conditions or exploring other alternatives to protect the interests of the platform and its users. This incident once again raises the debate on the importance of cybersecurity, both in the measures companies take and those that users must take.
The third quarter has been the most damaging so far in 2023. During this period, almost $700 million was wiped out in various exploits, adding to the $320 million from the first quarter and $313 million from the second, bringing the total losses to $1.333 billion.