Cryptocurrency exchange promised cybercriminals a reward if they return stolen funds

on September 1, hackers broke into the external interface of the non-custodial exchange KyberSwap, a DeFi project of Kyber Network. The developers of KyberSwap detected suspicious activity at the frontend level, and programmers found malicious code in the Google Tag Manager (GTM) tool. The exploit inserted false approvals for transactions, allowing hackers to withdraw funds from exchange customers to their own addresses. In total, users' losses amounted to 265,000 USDC.

1/ ❗️Notice of Exploit of KyberSwap Frontend:

We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️

— Kyber Network (@KyberNetwork) September 1, 2022

It took KyberSwap developers two hours to remove the malicious code. After that, the platform was fully restored, and the company promised to compensate customers for losses.

Interestingly, KyberSwap’s management offers the attackers to return 265,000 USDC in exchange for a «gesture of goodwill». The exchange promises to pay the hackers a reward of 15% of the stolen funds and will not sue. However, it is still unknown whether the attackers have contacted KyberSwap representatives and announced their decision.