KyberSwap promises to cover user losses caused by recent vulnerability

KyberSwap has announced a grant program to mitigate losses from a $48 million liquidity pool hack.

KyberSwap announced on Dec. 1 that it would provide grants to compensate users affected by a recent vulnerability.

The decentralized exchange acknowledged that a recent attack drained $48.8 million in user funds from its Elastic Liquidity Pools, a feature that allows users to stake cryptocurrencies to earn interest or generate yield.

KyberSwap explained:

“Our current plan is for the KyberSwap Treasury to provide each user (who lost funds in the exploit and have not yet recovered) with a grant up to the USD value of those funds at the time they were drained from their respective liquidity pool.”

The platform said the plan is intended to "ease the hardship caused by the losses" and plans to announce more details in the next two weeks.

KyberSwap added that it is supporting law enforcement and cybersecurity teams in their efforts to identify and locate the attacker and recover any stolen funds. The platform mentioned its status as a decentralized and permissionless protocol, noting that users accept the risk under its terms of service.

The breach occurred in late November

KyberSwap was initially hacked on November 22. The project responded on the same day, confirming the incident and urging users to withdraw their funds.

The hacker expressed a desire to negotiate soon after the attack. Surprisingly, the hacker posted an on-chain message on November 30th demanding full control of KyberSwap. KyberSwap has not yet indicated whether it is willing to negotiate with the hacker or offer a bounty to return the funds.

KyberSwap is a decentralized exchange aggregator that supports 14 blockchains, including Ethereum. According to DefiLlama data on December 1, the total value locked (TVL) on the platform is $7.17 million.

The security of the platform has been questioned before. KyberSwap’s frontend was hacked in September 2022, resulting in a loss of $265,000. Risks to the platform’s liquidity pools were identified a few months ago in April. #DEFI  #漏洞