The individual claiming responsibility for the hack on KyberSwap, a multi-chain decentralized exchange (DEX) aggregator, has issued a set of astonishing demands through a transaction on the Ethereum blockchain.
The hacker, self-identified as "Kyber Director," is demanding complete executive control over the Kyber company and full authority over its governance mechanism, KyberDAO.
Hacker's unprecedented ultimatum
The demands outlined by the hacker are unparalleled in the history of cryptocurrency breaches. They include the surrender of all company assets (both on-chain and off-chain), encompassing shares, equity, tokens, partnerships and intellectual property.
In return, the hacker proposes a comprehensive restructuring of Kyber. They promise to transform it from the seventh most popular DEX into a new cryptographic project.
Notably, the hacker has offered to buy out executives at a fair valuation, double the salaries of remaining employees and provide a 12-month severance package for those who choose to leave.
Token holders and investors are assured their tokens will retain value, and liquidity providers (LPs) are being offered a 50% rebate on recent losses.
The hacker has set a deadline of Dec. 10 for these demands to be met. Otherwise, the proposal will be withdrawn.
$47 million attack
On Nov. 23, KyberSwap fell victim to a smart contract reentrancy attack that led to the staggering loss of approximately $47 million across multiple networks, including Arbitrum, Optimism, Kyber Mainnet and Polygon.
The attack's epicenter was a wallet address that played a central role in receiving and redistributing the stolen funds.
This breach resulted in a 90% plunge in KyberSwap's total value locked (TVL) (from $85 million to a mere $8 million).
The primary flaw was identified in the mint function of KyberSwap's new v2 reinvestment token, which contained a loophole for reentrancy attacks.
In response, Kyber Network urged users to withdraw their funds as a precaution and has since been working to mitigate future risks.