A major vulnerability on November 22 resulted in a staggering loss of $48.8 million for the decentralized finance (DeFi) platform KyberSwap.
The platform responded quickly by outlining plans to compensate individuals who suffered financial losses as a result of the security incident.
To address the fallout, KyberSwap is launching a grant program using funds from its treasury to compensate those affected by the breach.
The grants will be equal to the USD value of the assets lost in the security incident to reduce the financial burden on affected users.
While the exact details and requirements of the compensation program are still being worked out, KyberSwap has stated that more information will be available within the next two weeks.
The security breach investigation revealed that the vulnerability in KyberSwap’s concentrated liquidity pools was caused by tick interval boundaries. This flaw enabled attackers to manipulate liquidity artificially, resulting in a significant loss of funds.
The breach’s confirmed loss is $48.8 million, up from an initial estimate of $47 million. In order to recover the stolen assets, KyberSwap offered the perpetrator a 10% incentive. Instead of taking the offer, the attacker demanded executive control of the organization.
Third-party MEV (Miner Extractable Value) bots seized $4.7 million during the breach, but KyberSwap successfully restored this amount.
KyberSwap’s use of treasury grants is a notable effort to restore user confidence and demonstrate its commitment to dealing with the fallout from security incidents.