KyberSwap hacker bridges $2.5M in stolen funds to Ethereum

The KyberSwap exploiter moved almost $1 million of the stablecoin Dai to another wallet address.
The KyberSwap exploiter moved almost $1 million of the stablecoin Dai to another wallet address.

The hacker behind the attack on the decentralized exchange (DEX) KyberSwap has been seen moving millions in digital assets from one blockchain to another.

On Feb. 26, blockchain analytics firm PeckShield posted movements from the KyberSwap attacker’s wallet address. According to blockchain data, the hacker bridged 798.8 Ether (ETH), worth almost $2.5 million, from Arbitrum to the Ethereum network.

Apart from the $2.5 million, the hacker also moved almost one million dollars in stablecoins. A wallet linked to the exploiter transferred $826,500 of the Dai (DAI) stablecoin to another wallet.

Fund movements from the KyberSwap attacker’s wallet. Source: PeckShield

The KyberSwap attack was one of the largest hacks of 2023. On Nov. 23, the DEX alerted its community that it experienced a “security incident” and advised its users to withdraw their funds. It was initially discovered that around $46 million in digital assets were taken during the exploit. However, it was later uncovered that the total amount lost almost reached $49 million.

The hacker also left an on-chain message to the KyberSwap team that day, saying that negotiations would start when he was “fully rested.” In response, the KyberSwap team offered the attacker a bounty of $4.6 million in exchange for the return of 90% of the stolen funds.

However, the bounty negotiations took a turn for the worse when the hacker started to express dissatisfaction with KyberSwap’s approach. On Nov. 29, the hacker posted an on-chain message threatening the team to delay negotiations further if the KyberSwap team continued their threats of legal action and what the hacker described as unfriendliness.

Related: KyberSwap exploiter linked to $50M HXA token movement

Eventually, the hacker did the unexpected, demanding total control over the KyberSwap company and all of its assets. The hacker also demanded temporary full authority and ownership over KyberDAO, which acts as the governance mechanism for Kyber and all documents related to Kyber. The hacker gave the company until Dec. 10, 2023, to decide before the “treaty falls through.”

Following the hacker’s demands, the KyberSwap team decided to launch treasury grants for the victims of the hack. On Dec. 2, 2023, the team announced it would extend a grant to those who lost funds in the exploit and have not been recovered. The hack also heavily affected the company, which cut half of its workforce a month after the exploit.

Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks