Key Takeaways
- One million dollars in stablecoins, specifically $826,500 worth of Dai stablecoin, were transferred to another wallet.
- PeckShield has detected activity from the hacker’s wallet, with transfers of 798.8 Ether, valued at nearly $2.5 million, moving from Arbitrum to the Ethereum network.
The hacker responsible for the 2023 decentralised exchange (DEX) KyberSwap’s exploit has resumed activity, moving significant amounts of digital assets across different blockchains.
Blockchain analytics firm PeckShield has reported notable movements from the hacker’s wallet address, indicating transfers totaling 798.8 Ether, worth almost $2.5 million, from Arbitrum to the Ethereum network. Additionally, nearly one million dollars in stablecoins, specifically $826,500 worth of Dai stablecoin, were transferred to another wallet.
The renewed activity of the hacker follows the 2023 KyberSwap attack, which resulted in losses nearing $49 million. During the initial attack, the hacker targeted assets primarily in Ether, wrapped ether (wETH), and USDC.
In response to the attack, negotiations between the KyberSwap team and the hacker ensued, with the latter leaving an on-chain message to the KyberSwap team indicating potential negotiations once they were “fully rested.”
The KyberSwap team, in a bid to recover the stolen funds, initially offered the attacker a bounty of $4.6 million in exchange for the return of 90% of the assets. However, the situation took a turn for the worse when the hacker expressed dissatisfaction with KyberSwap’s approach and laid out demands, including control over the company, temporary full authority and ownership of its governance mechanism (KyberDAO), access to company documents, and possession of all Kyber company assets.
The demands escalated when the hacker demanded total control over the KyberSwap company and its assets, including executive control, ownership of KyberDAO, and surrender of all company assets. Moreover, the hacker made promises to buy out executives, increase employee salaries, and provide a generous severance package for departing employees.
In response to the exploit, KyberSwap devised a recovery plan, including providing grants to affected users, matching the USD value of the funds lost during the attack. The grant program offered various options, including stablecoins equivalent to 60% or 100% of the reference value of affected assets, vested over different timeframes.
