A hacker who claims to be the “Kyber Director” has demanded full authority over KyberSwap, a decentralized exchange that suffered a $48 million breach on Nov. 23.

KyberSwap, a decentralized exchange (DEX) that allows users to swap tokens without intermediaries, has been hacked for nearly $50 million by an attacker who claims to be the “Kyber Director” position. The hacker announced on X that he wanted a better deal than KyberSwap’s original share, which was 0.25% of each trade. The hacker wants complete control over Kyber’s on-chain and off-chain resources, as well as access to confidential information about the company’s operations and finances.

The hacker added that he would pay fair value to the executives for their exit from the company, and offer a generous severance package to the staff who might leave under his leadership. He also warned that any interference from law enforcement or regulators would void the deal and that this was the best and only offer he would make.

The hacker exploited a bug in KyberSwap’s concentrated liquidity feature, which allows liquidity providers to set price ranges for their tokens. By manipulating the price of wstETH, a token that represents staked Ether on Lido, the hacker was able to drain funds from multiple pools on different chains, including Ethereum, Arbitrum and Optimism. The hacker also used flash loans from Aave to borrow and dump large amounts of wstETH, causing its price to plummet.

KyberSwap has advised users to withdraw all funds from the platform as a precautionary measure and has offered a 10% bounty to the attacker if he returns the stolen funds. KyberSwap also said it was working with security experts and law enforcement to investigate the incident and recover the losses.

Sources:

Decentralized Exchange KyberSwap Hacked For $48 Million – CoinDesk

KyberSwap attacker used ‘infinite money glitch’ to drain funds — DeFi expert

KyberSwap Offers 10% Bounty to Attacker Who Made Off With $50M – MSN