Introduction
In the dynamic and often unpredictable realm of cryptocurrency, a story has emerged that rivals the plots of the most intricate thrillers. The KyberSwap heist, a saga marked by a sophisticated hack, a daring hacker, and demands straight out of a spy novel, has gripped the crypto community. This tale is not just about the theft of digital assets; it’s a narrative that pushes the boundaries of what we thought possible in the world of decentralized finance. What started as a ~50 million dollar exploit of the way Kyber’s core protocol works has transformed into an event that has communities split on whether the hacker should even be considered a bad actor at all.
Phase 1: The Breach
The drama began on November 22, 2023. KyberSwap, a decentralized exchange known for its agility in the DeFi space, fell victim to a heist that siphoned off approximately $48 million. The hack spanned multiple blockchains, with $20.7 million taken from Arbitrum, $15 million from Optimism, and smaller amounts from Ethereum, Polygon, and Base.
The technical sophistication behind the hack was later alluded to by the hacker themselves, who described it as a mere rounding error, a simple math miscalculation that could happen to anyone. This seemingly trivial mistake led to a significant exploit of KyberSwap’s liquidity pools, causing a drastic 83% drop in its total value locked from $84 million to $14 million.
In a tweet, Kyber Network alerted its users to the incident:
This was soon followed by tweets from many in the community delving deeper into the on-chain details, including one from Spreek, a blockchain sleuth, who provided a snapshot of the ongoing exploit:
The hacker left a message on-chain, postponing negotiations until they had rested, setting a foreboding tone for what was to come.
It simply read,
Dear Kyberswap Developers, Employees, DAO members and LPs,
Negotiations will start in a few hours when I am fully rested.
Thank you.
It can be found on-chain, here.
Phase 2: Negotiations and Community Reaction
On November 24, KyberSwap responded with a dual strategy. Firstly, they offered a $10 million bounty for the recovery of the funds. Secondly, they addressed the hacker directly on-chain, offering a 10% bounty for the return of 90% of the funds, setting a deadline and hinting at potential legal action.
Reminder, read from bottom to top for proper chronology. Link to on-chain messages.
Simultaneously, the community’s response was a mix of awe and desperation. Some individuals sent messages to the hacker through the Ethereum blockchain, ranging from admiration and negotiation attempts to pleas for help. This unique interaction showcased the diverse and emotionally charged reactions from those affected by the hack.
Around this time, Kyber also released their initial incident summary as a thread on X, which can be found here.
Phase 3: The Hacker’s Bold Demands
As the deadline approached, the hacker, now self-titled “Kyber Director,” made an audacious set of demands on-chain, turning this heist into a narrative that could be straight out of Hollywood. They requested complete executive control over KyberSwap, full authority over KyberDAO, and access to all company-related documents and assets.
The demands, found on-chain, also included specific plans for the company and its stakeholders:
To ALL relevant and/or interested parties,
I thank you for your attention and patience during this uncertain time for Kyber (the protocol/DAO) as well as Kyber (the company). Below I have delineated a treaty for us to agree to.
My demands are as follows:
* Complete executive control over Kyber (the company)
* Temporary full authority and ownership over the governance mechanism (KyberDAO) in order to enact legislative changes. My current wallet address is fine for this.
* All documents and information related to company / protocol formation, structure, operation, revenues, profits, expenses, assets, liabilities, investors, salaries, etc.
* Surrender of all Kyber (the company) assets. This is both On-chain and Off-chain assets. It includes but is not limited to: shares, equity, tokens (KNC and non-KNC), partnerships, blogs, websites, servers, passwords, code, social channels, any and all creative and intellectual property of Kyber.
Once my demands have been met, I will provide the following:
* Executives, you will be bought out of the company at a fair valuation. You will be wished well in your future endeavors. You haven’t done anything wrong. A small error was made, rounding in the wrong direction, it could have been made by anyone. Simply bad luck.
* Employees, under the new regime your salary will be doubled. It is understandable that many current employees will want to leave regardless. The employees who don’t want to stay will be given a 12-month severance with full benefits and assistance in finding a new career, no questions asked.
* Token Holders and Investors, under this treaty, your tokens will no longer be worthless. Is this not sweet enough? I’ll go further still. Under my management, Kyber will undergo a complete makeover. It will no longer be the 7th most popular DEX, but rather, an entirely new cryptographic project.
* LPs, you will be gifted a rebate on your recent market-making activity. The rebate will be for 50% of the losses you have incurred. I know this is probably less than what you wanted. However, it is also more than you deserve.
This is my best offer. This is my only offer.
I require my demands to be met by December 10, otherwise, the treaty falls through. Additionally, should I be contacted by agents from any of the 206 sovereignties, concerning the trades I placed on Kyber, the treaty falls through. In this case, rebates will total to exactly 0.
Kyber is one of the original and longest-running DeFi protocols. No one wants to see it go under.
To assist with this transition of leadership, I may be contacted on telegram: @Kyber_Director
Thank you.
– Kyber Director
To view these demands on-chain, navigate to this link, then select “Click to see more” next to “More Details,” then select “view input as” and switch it to UTF-8.
These demands, if met, promised a transformation of KyberSwap, including buyouts for executives, doubled salaries for employees, and rebates for liquidity providers. The hacker set a deadline of December 10 for these demands, adding a clause that any contact with authorities would void the treaty.
The most recent response from Kyber at the time of writing was this tweet, assuring people that this does not directly affect the $KNC token, the native token of the protocol.
Additionally, they’ve been reminding people of the obvious, but it never hurts to restate, “…all KyberSwap Elastic Liquidity Providers [should] withdraw your liquidity from Elastic if you have any funds.”
Closing Thoughts
As we stand today, the KyberSwap saga remains unresolved, a testament to the complex and sometimes surreal world of cryptocurrency. This story is more than a tale of digital theft; it’s a narrative about the vulnerabilities in DeFi, the power of smart contract technology, and the audacity of individuals who dare to exploit these systems.
In the coming days, as the deadline looms, the crypto world watches with bated breath. Will the hacker’s demands be met, or will this story take yet another unexpected turn? One thing is for certain: the KyberSwap heist will be remembered as one of the most extraordinary events in the history of decentralized finance.