KyberSwap hacker bridges $2.5M in stolen funds to Ethereum

The hacker behind the attack on the decentralized exchange (DEX) KyberSwap was seen moving millions in digital assets from one blockchain to another.

On Feb. 26, blockchain analytics firm PeckShield posted movements from the KyberSwap attacker’s wallet address. According to blockchain data, the hacker bridged 798.8 Ether ( ETH ), worth almost $2.5 million, from Arbitrum to the Ethereum network.

Apart from the $2.5 million, the hacker also moved almost a million dollars in stablecoins. A wallet linked to the exploiter transferred $826,500 in the DAI (DAI) stablecoin to another wallet.

The KyberSwap attack was one of the largest hacks of 2023. On Nov. 23, the DEX alerted its community that they experienced a “security incident” and advised their users to withdraw their funds. It was initially found that around $46 million in digital assets were taken during the exploit . However, it was later discovered that the total amount lost almost reached $49 million.

The hacker also left an on-chain message to the KyberSwap team that day, saying that negotiations would start when he was “fully rested.” In response, the KyberSwap team offered a bounty of $4.6 million to the attacker in exchange for the return of 90% of the stolen funds.

However, the bounty negotiations took a turn for the worse when the hacker started to express dissatisfaction with KyberSwap’s approach. On Nov. 29, the hacker posted an on-chain message threatening the team to delay negotiations further if the KyberSwap team continued their threats of legal action and what the hacker described as “unfriendliness.”

Related: KyberSwap exploiter linked to $50M HXA token movement

Eventually, the hacker did the unexpected, demanding total control over the KyberSwap company and all of its assets. The hacker also demanded temporary full authority and ownership over KyberDAO, which acts as the governance mechanism for Kyber and all documents related to Kyber. The hacker gave the company until Dec. 10 to decide before the “treaty falls through.”

Following the hacker’s demands, the KyberSwap team decided to launch treasury grants for the victims of the hack. On Dec. 2, the team announced it would extend a grant to those who lost funds in the exploit and have not been recovered. The company was also heavily affected by the hack, cutting half of its workforce a month after the exploit.

Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks