KyberSwap has announced a grant initiative from its treasury to financially assist users affected by a significant security breach on November 22, resulting in a loss of $48.8 million for the decentralized finance (DeFi) protocol. The grant aims to alleviate the financial strain on affected individuals, providing compensation equivalent to the USD value of the assets lost during the exploit.
This move underscores KyberSwap’s commitment to its user community and platform security. While the specific details and criteria for the grant are still being finalized, KyberSwap has committed to providing additional information within the next two weeks.
Investigations into the security breach revealed that the vulnerability originated from tick interval boundaries within KyberSwap’s concentrated liquidity pools. Exploiting this weakness, an attacker manipulated liquidity artificially, leading to a substantial depletion of funds.
Initially estimated at $47 million, the confirmed loss was later determined to be $48.8 million. In an unconventional approach to reclaim the stolen assets, KyberSwap proposed a 10% reward to the perpetrator, resulting in unexpected responses instead of acceptance.
Notably, KyberSwap has successfully recovered $4.7 million of the stolen funds, which were taken by third-party Miner Extractable Value (MEV) bots during the hack. This partial recovery, along with the introduction of treasury grants, highlights KyberSwap’s proactive stance in addressing security breaches. The incident has prompted a thorough review of KyberSwap’s security protocols, with the team dedicated to enhancing safeguards to prevent future exploits.