Taipei-based cryptocurrency trading and investment firm Kronos Research has initiated negotiations with a hacker who stole $25 million from the company’s treasury earlier this month. In an on-chain message, Kronos offered the hacker a chance to return 90% of the stolen funds in exchange for dropping any legal action.
Last week, Kronos disclosed that an unauthorized entity had gained access to its API keys, enabling the theft. On-chain analysts ZachXBT and Lookonchain confirmed that the attacker made off with approximately $25 million, primarily in stablecoins. “We can confirm that the losses are about $26 million in crypto assets,” Kronos stated in a subsequent announcement. “Despite this significant setback, Kronos remains in good standing. All losses will be covered internally, and no partners will be affected.”
Public, on-chain negotiations between hackers and their victims have become increasingly common in the DeFi space. Recently, the attacker behind an exploit of KyberSwap signed one of the transactions that pilfered funds from the decentralized exchange, indicating their willingness to negotiate after adequate rest. In response, KyberSwap offered a 10% bounty for the return of the stolen funds. Similarly, Curve Finance negotiated the return of stolen funds via on-chain transactions in August, offering a 10% bounty to the hacker.
Over $1.2 billion has been stolen from DeFi protocols in 2023. As the DeFi ecosystem continues to evolve, security remains a paramount concern for both protocols and users.