KyberSwap Offers Hackers IDR 593 Million in Reward to Recover Stolen Funds

KyberSwap offered me a reply to the hacker. (photo: Twitter @KyberNetwork

JAKARTA - KyberSwap, a decentralized exchange built on the Kyber Network liquidity protocol, has offered hackers 15% of funds from exploits worth USD 265.000 (IDR 3.9 billion) as a bug bounty.

In a blog post on Thursday, Aug. 31, the Kyber Network said a hacker had used a frontend exploit to steal about $265.000 worth of user funds from KyberSwap.

The protocol says it will compensate all users for any lost funds related to the exploit, and goes directly to the hackers to give them the opportunity to return the funds in exchange for "conversations with our team" and 15% of what was taken - approx. 40.000 US dollars (IDR 593 million).

1/ ❗️Notice of Exploit of KyberSwap Frontend:

We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️

— Kyber Network (@KyberNetwork) September 1, 2022

"We know the address you have has received funds from a central exchange and we can track you from there," the Kyber Network said. “We also know the address you have an OpenSea profile on and we can track you through the NFT community or directly through OpenSea. When the door of exchange is close at hand, you will not be able to cash out without revealing yourself.

Kyber Network reported shutting down its frontend following the discovery of a “suspicious element” at 8:24 a.m. UTC on September 1. The platform disabled its user interface and found “malicious code” in Google Tag Manager, which targeted “big wallet whales,” which gave hackers the ability to transfer funds to a different address. According to Kyber Network co-founder Loi Luu, this is the first hack to their protocol in five years.

"The attack was identified and stopped after 2 hours of investigation," the Kyber Network said, as quoted by Cointelegraph. "This attack is an exploit of FE and there is no smart contract vulnerability."

Hackers have used the exploit to carry out attacks on many decentralized finance protocols, including $100 million removed from Horizon Bridge in June and draining $200 million worth of crypto from Nomad tokens in August.

Cointelegraph reported on August 11 that most of the attackers responsible for the Nomad Bridge hack copied the original exploit, redirecting funds to addresses of their choosing.