KyberSwap’s Hacker Interviewed: "Might Makes Right"

The author of The Officer’s Blog has successfully conducted an interview with the KyberSwap hacker, delving into their motivations behind the recently disclosed stringent demands imposed on the Kyber company.

The X community was very excited to receive recommendations on Web3 security education from a notorious hacker.

Today, a Web3 threat researcher and author of the blockchain security blog Officer's Blog shared the results of their attempt to interview a KyberNetwork exploiter. The attempt was quite successful: the hacker, who styled himself the "Kyber Director," was willing to answer a couple of questions.

It appears that the conversation between the notorious hacker and the analyst took place on Telegram, where the latter uses the name Officercia. It is not clear how the conversation started; however, Officercia shared a screenshot from the Telegram channel of the security team PeckShield, in which the hacker had participated.


Officercia asked Kyber Director a single, and probably the most intriguing, question before even suggesting an interview.

Undeniably, this question concerned the hacker's motivation for setting such severe demands on the Kyber company. After the hack on November 23, when the exploiter asked the team behind the cross-chain decentralized exchange for time to rest before negotiations, many in the crypto community expected the malicious actor to enter discussions about returning the loot in exchange for a reward.

However, the on-chain message the hacker sent to the exchange's team on November 30 revealed different motives.

Setting the deadline of December 10, Kyber Director outlined a "treaty" that included acquiring complete executive control over the Kyber company and temporary full authority and ownership of KyberDAO, presumably to enact legislative changes. Further demands involved obtaining all documents and information related to the company and surrendering all assets.

Given these unexpected demands from the KyberSwap attacker, Officercia decided to take a chance and ask about them first.

"Could you please explain why you did what you did? I am referring to what came afterward with all this DAO thing," Officercia texted the exploiter.

"Isn’t it obvious? I want to buy a crypto company at a cheap price," Kyber Director replied.

While this may sound obvious, there is still one point that may suggest the true motive of the hacker was not only the purchase of the business.

"Executives, you will be bought out of the company at a fair valuation," the attacker said in the on-chain message, adding, "You will be wished well in your future endeavors. You have not done anything wrong."

"A small error was made, rounding in the wrong direction, it could have been made by anyone," Kyber Director emphasized.

On the one hand, the last phrase might suggest an underlying conflict between the attacker and the Kyber company. On the other hand, it may simply refer to the vulnerability in the exchange's code.

Interview with Kyber Director
Source: Officer's Notes, X

After Officercia received the first reply from the hacker, they suggested preparing a list of questions for an anonymous interview, which Kyber Director could choose whether or not to answer. To prepare for further discussion with the hacker, Officercia asked the X community to submit the questions they would like the researcher to put to the KyberSwap attacker.

Cryptocurrency developer Ethics suggested asking the attacker, "Based on your current observation of the sky, can you describe the position of key celestial bodies such as the Sun, the Moon, the North Star (Polaris), or any recognizable constellations, and also the current local time?" In all likelihood, this could have helped to collect geographic information to help locate the hacker.

The creator of TMZ CRYPTO, W3nzel.eth, recommended asking how the hacker expects to avoid prosecution. "It's like a bank robber requesting that he will be the new boss of the bank, not sure how that is supposed to play out," W3nzel.eth wrote, adding that they are curious to find out the details of the heist.

Other X users were also interested in alternatives to the control of the company the hacker demanded, in how the hacker developed their interest in crypto, in where they see themselves in five years, and in which tokens the hacker would recommend buying.

Some X users even suggested asking the attacker for recommendations on the roadmap to become a good hacker and whether the attacker believes the Earth is flat or round.

Kyber Director was willing to proceed with the interview. Among the questions Officercia decided to ask the attacker was a request for advice on resources for learning Web3 security.

"There is no secret ingredient, just do a lot of reading and practice," Kyber Director replied, adding "One thing I did enjoy was Solodit [audit finding aggregator]. I went through a lot of that."


When asked about being an AGI, which may have referred to Artificial General Intelligence, the hacker said, "I want to fuse with one someday."

Officercia's last question to Kyber Director was, "What do you think about the 'code is law' statement? You know, recently a French court made a decision against hackers - they are free."

"'Code is Law' is not true. 'Might makes Right' has always been true," replied the KyberSwap hacker.

Meanwhile, Kyber Network has not shared with the crypto community its reaction to the stringent requirements set by the hacker. Some X users believe these demands cannot be serious, as the malicious actor would be unable to perform an executive role over the entire company while being sought by law enforcement. However, obtaining power over the project's DAO appears to be quite realistic.

KyberSwap’s attack analysis

In their interview, Officercia described the smart contract reentrancy attack on KyberSwap, which resulted in the loss of over $45 million, as "likely the most complex of all attacks that have occurred." Web3 security auditor Hacken has reported its findings from its analysis of the exploit.

Hacken claims that, in all likelihood, the exploit took advantage of a vulnerability in the mint function of KyberSwap's new v2 reinvestment token (KS2-RT). Its implementation contained a mint callback, which hands control back to the caller mid-operation and can therefore open the door to reentrancy.
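To make the pattern Hacken points to concrete, here is a constructed sketch (added for this article, not KyberSwap's KS2-RT code) of a pool whose mint function pays itself via a callback into the caller, first in the risky ordering and then with the guards a defender would expect. The contract, interface and function names are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of a mint-with-callback design; not the project's code.
interface IERC20 { function balanceOf(address) external view returns (uint256); }
interface IMintCallback { function mintCallback(uint256 owed, bytes calldata data) external; }

// Risky ordering: control leaves the contract before its own accounting is done,
// so anything the callback does (including calling back into this pool) runs on stale state.
contract VulnerablePool {
    IERC20 public immutable token;
    mapping(address => uint256) public liquidity;
    uint256 public totalLiquidity;
    constructor(IERC20 t) { token = t; }

    function mint(uint256 amount, bytes calldata data) external {
        IMintCallback(msg.sender).mintCallback(amount, data); // external call first
        liquidity[msg.sender] += amount;                       // bookkeeping afterwards
        totalLiquidity += amount;
    }
}

// Hardened: a reentrancy lock, and the pool proves it was actually paid before it
// records any liquidity, instead of trusting the caller's callback.
contract HardenedPool {
    IERC20 public immutable token;
    mapping(address => uint256) public liquidity;
    uint256 public totalLiquidity;
    uint256 private _status = 1; // 1 = unlocked, 2 = locked
    constructor(IERC20 t) { token = t; }

    modifier nonReentrant() {
        require(_status == 1, "reentrancy");
        _status = 2;
        _;
        _status = 1;
    }

    function mint(uint256 amount, bytes calldata data) external nonReentrant {
        require(amount > 0, "zero amount");
        uint256 balanceBefore = token.balanceOf(address(this));
        IMintCallback(msg.sender).mintCallback(amount, data);
        // Verify the payment arrived; the balance delta is the only thing the pool trusts.
        require(token.balanceOf(address(this)) >= balanceBefore + amount, "unpaid");
        liquidity[msg.sender] += amount;
        totalLiquidity += amount;
    }
}
```

The lock alone does not protect other functions that read `totalLiquidity` during the callback unless they share the same modifier, which is why the balance check is kept as a second, independent control.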

According to Hacken, Arbitrum experienced the largest losses, totaling $20 million. The hacker stole $5 million less from Optimism, while the damage on Kyber Mainnet surpassed $7 million. Additionally, the attack led to the theft of $2 million from Polygon and over $300,000 from Base.