Cryptocurrency trading company Kronos Research is hoping their approach will help recover most of the $25 million stolen by a hacker this month – try to strike a deal with the thief.
Keypoints
- Cryptocurrency trading firm Kronos Research was hacked, resulting in $25 million stolen
- Kronos has publicly offered the hacker a 10% bounty (around $2.5 million) to return 90% of funds
- Theft occurred after hacker gained access to Kronos’ API keys
- Public negotiations between hackers and victims has become a growing trend
- Decentralized finance protocols have seen over $1.2 billion in thefts this year
The Taiwan-based firm publicly offered the unknown attacker a 10% cut, around $2.5 million, in exchange for returning 90% of the pilfered funds. It’s just the latest case of victims opening negotiations with hackers in full public view, a burgeoning tactic across the crypto industry.
The Kronos heist unfolded in mid-November after the hacker managed to obtain the company’s API keys, the digital passes that allowed access to treasury accounts. The attacker made off with $25 million, the bulk in stablecoins like USDT and USDC.
KronosResearch was attacked and lost ~$25.65M, including 24.57M $USDT, 488.7 $ETH($959K) and 125,056 $USDC.
24.57M $USDT was swapped to 12,457 $ETH and 125,056 $USDC was swapped to 63.6 $ETH.
All 13,010 $ETH was transferred to 7 wallets, of which 1 $ETH to #ChangeNOW. pic.twitter.com/FztcM8YZHS
— Lookonchain (@lookonchain) November 19, 2023
“Despite it being a sizable amount, Kronos remains in good standing,” the firm reassured clients about the financial hit. But hunting down the stolen crypto could prove tricky without the hacker’s cooperation.
So Kronos took the route of other crypto victims by appealing directly to the perpetrator. Its offer, broadcast via an on-chain message, promised no further action if 90% of funds are returned. Now the firm must wait and see if the hacker takes the deal.
Public crypto negotiations have become increasingly common in recent years. When decentralized exchange KyberSwap suffered an exploit, the attacker signaled a willingness to talk by signing one of the transactions. KyberSwap began with a 10% bounty offer – the same percentage dangled by Kronos.
Industry-wide, over $1.2 billion has been stolen from decentralized finance (DeFi) protocols in 2022 through hacks and thefts. With such immense sums vanishing in cyberspace, victims have realized that striking compromises may be the only path to partial recovery.
But the approach is controversial. Critics argue that payoffs simply incentivize more cybercrime down the road. And scofflaw hackers may view bounty offers as a starting point for even larger payouts.
For Kronos investors, however, recovering most of their vanished millions likely overrides debates around long-term implications. And if this attempt fails, the firm insists all losses will be covered internally. Still, the daring public offer represents a new frontier in crypto crime-fighting – and the hacker’s decision could set key precedent.
