The hacker answerable for the $48 million KyberSwap heist has escalated their demands, now looking for full government control over the decentralized change (DEX).
The hacker revealed the up to date demands in an on-chain message despatched on Nov. 30.
They’d beforehand expressed willingness to barter a bounty however complained of receiving threats and a normal lack of friendliness from KyberSwap’s government workforce on Nov. 28.
The hacker’s newest demands embody whole control of KyberSwap and non permanent and full possession of KyberDAO, the platform’s governance mechanism. Moreover, they’re asking for all paperwork associated to the firm’s construction, income, income, property, liabilities, and worker salaries. The attacker additionally insists on receiving all KyberSwap property, encompassing each on-chain and off-chain holdings.
In return, the hacker guarantees to purchase out the firm’s executives at a “fair valuation” and pledges to double the salaries of workers who select to stay post-takeover. These opting to depart are supplied a 12-month severance bundle.
The message additionally outlines plans for a “complete makeover” of the Kyber venture, aiming to extend the worth of its tokens, which the hacker at present deems “worthless.” Liquidity suppliers (LPs) affected by the assault are promised a rebate equaling 50% of their latest market-making losses.
The hacker has set a deadline for the KyberSwap workforce to satisfy these demands by Dec. 10, or the supply turns into void. Moreover, any agent contact concerning the hacker’s trades on KyberSwap will nullify the proposed “treaty.”
The hacker’s unprecedented transfer has been met with a mixture of alarm and skepticism in the crypto group. It has additionally renewed debate round the safety of decentralized protocols and learn how to enhance them.
KyberSwap has but to reply
The DEX’s management workforce has not but responded publicly to the hacker’s newest message.
KyberSwap initially supplied a bounty deal, proposing the hacker return 90% of the stolen funds and hold the remaining 10%. Nevertheless, following the hacker’s lack of fast compliance, KyberSwap threatened authorized motion and claimed to have the exploiter’s digital footprints for monitoring.
The DEX additionally introduced plans for a public bounty program to encourage info resulting in the hacker’s arrest and the restoration of consumer funds.
From the $46 million stolen, KyberSwap has managed to get better $4.67 million, attributed to actions by operators of front-running bots on the Polygon and Avalanche networks.
The exploit, described as an “infinite money glitch” by decentralized finance skilled Doug Colkitt, was a posh sensible contract exploit throughout a number of networks, together with Avalanche, Polygon, Ethereum, Arbitrum, Optimism, and Base.