PeckShield monitoring shows that the KyberSwap attacker marked address 0xf255...ffc93 has transferred about 2460 ETH (valued at about $9.9 million) to a new address 0xDb14...ACA8.

Cyvers Alerts posted on social media X that the KyberSwap attacker has transferred 46.4 ETH worth $170,000 to Tornado Cash.

According to official sources, KyberSwap: has released an updated UI and opened a page for querying affected assets, which reflects the category to which the affected assets belong.

PeckShield monitoring shows that the address marked as the KyberSwap attacker transferred 231.8 WETH (worth $535,800) and 217,300 WMATIC (worth about $183,000) in two transactions to 0xa423...58c6.

Kyber Network announced on the X platform that it plans to provide compensation to users through the KyberSwap Treasury, with a maximum amount equivalent to the stolen funds. Earlier, KyberSwap stated: "On November 22, 2023, at 10:54 pm UTC, an attacker used a series of complex operations of the KyberSwap Elastic smart contract for exploitative exchanges, resulting in user funds being extracted to the attacker's wallet. Approximately $54.7 million of user funds were used by the attacker."

Hacker who stole $47 million from the decentralized trading protocol KyberSwap last week has promised to release a statement later this week regarding potential transactions with the victims. The attacker encoded a message into an Ethereum transaction on the evening of November 28th, promising to release a statement about the "contract" on November 30th. The attacker stated, "I said I was willing to negotiate and in return, I received (mostly) threats, ultimatums, and general unfriendliness from the execution team. It's okay, I don't mind. Assuming I am treated with further hostility, we can reschedule for a later date when we are both feeling more civilized. All you need to do is say one word, if not, we will proceed as planned on November 30th."

PeckShield monitoring shows that a KyberSwap attacker has returned 361,876 USDC.e on AVAX, as detected by community contributors.

Kyber Network posted on social media that the KyberSwap team has contacted the owner of the frontrun bot, which extracted approximately $5.7 million worth of funds from the KyberSwap liquidity pools on Polygon and Avalanche during this vulnerability. We have negotiated with the owner of the frontrun bot to return 90% of the user funds it occupied to address 0x8180 in exchange for a 10% reward. So far, approximately $4.67 million worth of funds have been returned to the KyberSwap deployer address on Polygon through these transactions. After recovering user funds from the frontrun bot, we will continue to support law enforcement and cybersecurity agencies in tracking down and recovering user funds from the vulnerability attackers.

CertiK posted on social media that the vulnerability in the KyberSwap attack exists in the implementation of the computeSwapStep() function in KyberSwap Elastic. This function calculates the actual exchange input/output amounts to be deducted or added, the exchange fee to be charged, and the resulting sqrtP. The function first calls the calcReachAmount() function, which concludes that the attacker's slippage will not cross the scale line, but incorrectly generates a slightly larger price than the targetSqrtP calculated by calling "calcFinalPrice". Therefore, liquidity was not removed, resulting in the attack. The attacker performed precise calculation operations on the liquidity pool within the empty scale range, using cross-exchange liquidity counts to deplete many KyberSwap pools containing low liquidity.

KyberSwap team has released negotiation information on the chain to hackers, stating that they can allow hackers to keep 10% of the stolen funds as a reward in order to safely return all users' funds. KyberSwap stated that they know how the hacker carried out the attack and have given the hacker until 2:00 pm on November 25th Beijing time to return 90% of the stolen funds to the address starting with 0x8180. Otherwise, the hacker's information will continue to be pursued.