KyberSwap Exploiter Coined "Pure Evil" after Stating Demands

Instead of typical ransom demands, the KyberSwap hacker is seeking complete control over the decentralized exchange and the Kyber company.

Hacker's trone
The attack on KyberSwap marked the third-largest security incident involving Web3 projects this week.

The malicious actor behind the KyberSwap exploit resulting in the audacious theft of $45 million from the cross-chain decentralized exchange and their unusual request for rest following the attack, has reemerged with renewed energy. The hacker has now communicated their demands to the Web3 project's team, shocking the cryptocurrency community with the severity of their requirements.

Read also: Hacker Pilfers $45 Million from Kyber Network, Requests Rest Before Negotiations

It has become evident from the on-chain message sent yesterday that the hacker is not solely driven by financial motives but is also seeking control over the entire Kyber company.

Identifying themselves as the "Kyber Director," the malicious actor expressed gratitude to all interested parties for their "attention and patience" and outlined a 'treaty' for agreement.

The demands laid out by the hacker include the acquisition of complete executive control over the Kyber company and temporary full authority and ownership over KyberDAO, which the hacker claims is necessary "to enact legislative changes."

The next requirement involves obtaining "all documents and information related to company and protocol formation, structure, operation, revenues, profits, expenses, assets, liabilities, investors, salaries, etc."

KyberSwap's hacker's message
Source: Pashov Audit Group, X

Moreover, the Kyber company is mandated to surrender all assets, encompassing shares, equity, tokens (both KNC and non-KNC), partnerships, digital platforms, websites, servers, intellectual property, and any other tangible or intangible assets associated with Kyber.

In exchange, the attacker makes a series of promises that they pledge to fulfill if their demands are met.

"Executives, you will be bought out of the company at a fair valuation," the attacker says, adding, "You will be wished well in your future endeavors. You have not done anything wrong." According to the exploiter, "A small error was made, rounding in the wrong direction, it could have been made by anyone. "

The hacker pledges to double the salary of employees and extend a twelve-month severance package with full benefits, providing assistance in finding new career opportunities for those who choose to leave.

Under the hacker's management, tokens are supposed to regain value, and Kyber will be prepared for a complete transformation. The attacker boldly asserts that Kyber will no longer be the 7th most popular decentralized exchange (DEX) but will evolve into an entirely new cryptographic project.

Liquidity providers (LPs) are promised a rebate covering 50% of the losses incurred during recent market-making activities. The hacker acknowledges that this rebate may be “probably less than what they wanted,“ but claims that it is “also more than they deserve.“

The hacker has set a stringent deadline of December 10 for compliance, accompanied by a warning of repercussions if contacted by agents from any sovereign entity regarding the trades executed on Kyber. At the time of publication, the response from the KyberSwap team to the hacker's message remained unknown.

Read also: Crypto Crook Issues Over 120 Scam Tokens in 3 Months

Ironically, following the hack, a security researcher known as Weiss.eth on X initiated a discussion on the efficacy of bug bounty programs in preventing such cyber incidents. Despite Kyber Network implementing a robust security pipeline, including three audits and a history of bug bounty programs with rewards exceeding $1 million, Weiss.eth raised concerns about the recent reward offered through the Immunefi platform.

Weiss.eth pointed out that the reward, a mere $200,000, represented only 0.2% of Kyber Network's total value locked (TVL). The researcher expressed apprehension about the inadequacy of funds allocated to rewarding white hat hackers, suggesting that it might discourage their participation in bug bounty programs and potentially motivate them to act as malicious hackers.

However, the recent message from the self-proclaimed Kyber Director indicates that, in this particular case, the relatively small bug bounty was unlikely to have triggered the attack.

CertiK, a cybersecurity firm, highlighted the KyberSwap hack as the third-largest incident in its recent monthly Web3 incident statistics, underscoring the severity and impact of the security breach.