The decentralized autonomous organization (DAO) running the KyberSwap decentralized exchange (DEX) reached out to the attacker who walked off with $50 million on Nov. 22 with a message: We want to negotiate.
The attack targeted KyberSwap's liquidity pools (LPs). The DEX, which had a total value locked (TVL) of around $80 million before the attack, now just has $7.78 million.
"You have done one of the most sophisticated hacks ser. That was high EV, and everyone missed it," the DAO wrote via a message from a contract deployer wallet, using an initialism for expected value. "On the table is a bounty equivalent to 10% of users' funds taken from them by your hack, for the safe return of all of the users' funds."
KyberSwap gave the attacker a deadline of Nov. 25, 06:00 UTC, to return the funds.
Hackers teasing their victims via signing transactions with strings of text is an increasingly common trend with decentralized finance exploits. It is also a way for protocol teams to negotiate with their attackers.
There has been over $290 million lost in DeFi hacks this month, and around $1.2 billion so far this year, according to DefiLlama.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.