Fan mail and ETH tips sent to KyberSwap hacker who stole $48M

Ethereum users have left the KyberSwap hacker a ton of on-chain messages

by David Canellis /
article-image

Jievani Weerasinghe/Unsplash modified by Blockworks

share

Some victims of the $48 million KyberSwap hack are no doubt waiting anxiously for the DeFi platform’s attacker to make their next move.

Others, though, seem to be taking a more proactive approach: talk directly to the exploiter through the Ethereum blockchain.

“Hello! You did amazing job, you are amazing man!” one person wrote in a message attached to a transaction overnight.

“Im drained for over $155k USDC, you can check my wallet. Could you please send some $ to help my family? I can get you the funds into any wallet just help me out please! :(.”

Other messages are much more formal: “Hello sir/madam! I was lp [liquidity provider] on [Arbitrum] — 259809.7 DAI.”

“I would like to negotiate, and ask how much would you be willing to take as a bounty? I believe code is law, and its totally up to you. Thanks in advance!”

Newsletter

Subscribe to Blockworks Daily

KyberSwap aggregates liquidity across DeFi into a single pool, enabling services such as decentralized exchanges and wallets to offer end-users instant token swaps through a web of smart contracts.

Chain watchers first spotted something was up with KyberSwap on Wednesday evening. Millions of dollars in crypto were suddenly siphoned from KyberSwap contracts deployed to Ethereum, Polygon, Coinbase’s Base, Arbitrum and Optimism, with the latter two hardest hit.

A complicated series of flash loan attacks and other targeted exploits had resulted in emptied token liquidity pools.

Loading Tweet..

KyberSwap responded by urging users to pull funds from the platform, with about $77 million quickly withdrawn. Now, less than $8 million is kept with KyberSwap, per DeFiLlama.

So far, the stash remains in the hacker’s various addresses. After the attack subsided, the hacker initiated a transaction with the following message: 

“Dear Kyberswap Developers, Employees, DAO members and LPs, Negotiations will start in a few hours when I am fully rested.” 

That was about a day and 18 hours ago. Nothing since.

Ethereum allows messages to be added to the input data field when sending transactions. This one cost about $2.

While some messages tell the hacker they could keep some of the crypto if they return the rest, it’s unclear whether notes like “if that money are gone my children can school anymore, because don’t have money again, please help me” are legitimate stories from real victims.

Some messages are more lighthearted: One says: “hi. congrats for the hit thats a crazy thing, you looks like a smart, arrogant & funny guy, could we talk in telegram or else? :)”

Another: “Hi legend pls send me 1mill to become the top g for life, thx love u”

There are others that offer advice: “I don’t know what you want to do next, but just want to remind that stablecoins like USDC have an address blocking function in the smart contract code.” A few even apparently sent tips, including some for 0.001 ETH ($2.06) and one for 0.0000069 ETH ($0.014).

Often hackers wait days, months, or even years before attempting to launder stolen crypto. Sometimes, the hacker returns the funds after taking 10% or 20%, playing off the whole thing as a gray-hat stunt.

Who knows where the Kyber case will end up. 

Whether it’s real or pretend, this message is still sad

In any case, it wasn’t bad enough that Ethereum network participants had to cryptographically verify the integrity of CryptoDickButts and Pixelverse Poops.

Now, they must forever ensure nonsense like, “Could you teach me your ways senpai? I too would like to make generational wealth in seconds please,” remains untampered-with, forever written to the blockchain. Great.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (5).png

Research

Tokenization Today

Outside of stablecoins, the value of tokenized assets sits below $20B, dominated by the following asset classes: private credit, US Treasuries, commodities, institutional alternative funds, stocks, non-US government debt, and corporate bonds. In the coming months, we see the greatest opportunities in the tokenization of illiquid markets, particularly private equity. However, the successful integration of offchain assets into blockchain ecosystems relies heavily on clear and consistent regulatory frameworks, with purpose-built infrastructure to support it.

by Carlos Gonzalez Campo

/

news

article-image

BusinessLightspeed Newsletter

Crypto promises ‘institutional adoption’. What does that mean?

“Every asset manager and bank doing ‘crypto’ is earning insane fees for putting things ‘onchain,'” read a slide from Meltem Demiror’s DAS talk

by Jack Kubinec /
article-image

Forward Guidance NewsletterPolicy

OCC to remove ‘reputational risk’ from bank inspection guidelines

The move from the national bank regulator came after increased pressure from Republicans

by Casey Wagner /
article-image

Forward Guidance NewsletterMarkets

Execs expect patient SEC after SOL futures launch, more altcoin filings

Industry leaders at DAS sounded off on the SEC’s approval of solana futures ETFs and how the crypto industry could expand into futures products

by Ben Strack /
article-image

The DropWeb3

Mysten Labs’ Walrus could reshape decentralized gaming and apps

The decentralized-storage alternative to AWS or IPFS will launch its mainnet March 27

by Kate Irwin /
article-image

0xResearch NewsletterDeFi

Crypto crossroads: ETF flows stabilize, but macro risks loom

Bitcoin ETF outflows are leveling off, Ethereum’s price action is increasingly sentiment-driven, and TradFi’s role in crypto is expanding

by Macauley Peterson /
article-image

AnalysisSupply Shock

Deep dive: How Michael Saylor came back from losing $6B in 1 day

The MicroStrategy founder understood digital scarcity long before Bitcoin, and it’s a story of bubbles, brokers and a “monster bull run.”

by David Canellis /