In a bold move following the $54.7 million exploit of KyberSwap, the hacker behind the attack has now articulated specific demands for the return of the stolen funds. These essentially involve the hacker taking full control of Kyber, the company operating the decentralized exchange (DEX) and 'temporary' control and ownership of KyberDAO.
"No one wants to see it go under"
The hacker's list of demands, published as promised on November 30, include not only the transfer of all company assets, both on-chain and off-chain, such as shares, equity, and tokens, but also "complete executive control" over Kyber.
In the "treaty", they demand "temporary full authority and ownership over the governance mechanism (KyberDAO) in order to enact legislative changes. [...] All documents and information related to company/protocol formation, structure, operation, revenues, profits, expenses, assets, liabilities, investors, salaries, [...] Surrender of all Kyber (the company) assets. This is both On-chain and Off-chain assets. It includes but is not limited to: shares, equity, tokens (KNC and non-KNC), partnerships, blogs, websites, servers, passwords, code, social channels, any and all creative and intellectual property of Kyber."
In exchange for their demands being met, the hacker offers to buy out the company from the executive team "at fair valuation" and pokes further, declaring, "You haven't done anything wrong. A small error was made, rounding in the wrong direction, it could have been made by anyone. Simply bad luck."
They also offer to double employee salaries and say they understand that many employees will want to leave but still promise 12-month severance with full benefits and new job opportunities, "no questions asked".
Furthermore, the hacker addressed token-holders and investors, promising an overhaul of Kyber:
"Token Holders and Investors, under this treaty, your tokens will no longer be worthless. Is this not sweet enough? I'll go further still. Under my management, Kyber will undergo a complete makeover. It will no longer be the 7th most popular DEX, but rather, an entirely new cryptographic project."
In a gesture that blends conciliation with condescension, the hacker also extended an offer to the liquidity providers impacted by the hack: a "rebate will be for 50% of the losses [...] incurred," before adding, " I know this is probably less than what you wanted. However, it is also more than you deserve."
"This is my best offer. This is my only offer."
Setting a firm deadline of December 10 for compliance with these demands, the hacker warned that failure to meet the conditions would lead to the nullification of their proposal. They cautioned against any interference, threatening to void the deal if any "agents from any of the 206 sovereignties" contacted them regarding the trades they placed on Kyber.
Kyber is one of the original and longest-running DeFi protocols. No one wants to see it go under.
The attacker's demands have been met with curiosity and perplexity; some crypto enthusiasts even suggested that the person or team behind the exploit could be the company leadership in an "exit scam". Many said the exploit is more akin to a prank or a "powertrip" and that the hacker will inevitably get caught.
Gabriel Shapiro, general counsel at Delphi Labs, even asked if the entire attack could be a government operation "to discredit crypto".
We will wait and observe whether Kyberswap replies, stay silent, or surrenders by November 10, the deadline set by the hacker(s).