On November 22, the attacker who made off with $50 million received a message from the decentralised autonomous organisation (DAO) running the KyberSwap decentralised exchange (DEX) saying, “We want to negotiate.
The attack was directed at the liquidity pools (LPs) of KyberSwap. Prior to the attack, the DEX had a total value locked (TVL) of about $80 million; now, it only has $7.78 million.
“You have done one of the most sophisticated hacks ser. That was high EV, and everyone missed it,” the DAO wrote via a message from a contract deployer wallet, using an initialism for expected value. “On the table is a bounty equivalent to 10% of users’ funds taken from them by your hack, for the safe return of all of the users’ funds.”
The attacker has until November 25, 06:00 UTC, according to KyberSwap, to return the money.
A growing trend with decentralised finance exploits is hackers tease their victims by using text strings to sign transactions. Protocol teams can also use it as a means of negotiation with their adversaries
DefiLlama reports that over $290 million has been lost in DeFi hacks this month, and over $1.2 billion has been lost so far this year.