KyberSwap, the decentralized exchange built on liquidity protocol Kyber Network, has offered a hacker 15% of the funds from a $265,000 exploit as a bug bounty.
In a Thursday blog post, Kyber Network said a hacker had used a frontend exploit to pilfer roughly $265,000 worth of user funds from KyberSwap. The protocol said it will compensate all users for any missing funds related to the exploit, and directly addressed the hacker to give them an opportunity to return the funds in exchange for “a conversation with our team” and 15% of what was taken — roughly $40,000.
“We know the addresses you own have received funds from central exchanges and we can track you down from there,” said Kyber Network. “We also know the addresses you own have OpenSea profiles and we can track you through the NFT communities or directly through OpenSea. As the doors of exchanges close upon you, you will not be able to cash out without revealing yourself.”
1/ ❗️Notice of Exploit of KyberSwap Frontend:— Kyber Network (@KyberNetwork) September 1, 2022
We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️
Kyber Network reported shutting down its frontend following the discovery of a “suspicious element” at 8:24 AM UTC on Sept. 1. The platform disabled its user interface and found “a malicious code” in its Google Tag Manager, which targeted “whale wallets with large amounts,” giving the hacker the ability to transfer funds to different addresses. According to Kyber Network co-founder Loi Luu, this was the first hack on the protocol in five years.
“The attack was identified and put a stop to after 2 hours of investigations,” said Kyber Network. “This attack was an FE exploit and there is no smart contract vulnerability.”
Hackers have used exploits to execute attacks on many decentralized finance protocols, including $100 million being removed from the Horizon Bridge in June and draining $200 million worth of crypto from the Nomad token bridge in August. Cointelegraph reported on Aug. 11 that the overwhelming majority of attackers responsible for the Nomad bridge hack copied the original exploit, directing funds to addresses they chose.