A recent message that Kronos sent to the hacker shows the firm requesting that the attacker return 90% of the stolen funds.
Cryptocurrency trading firm Kronos Research has extended what seems like a good-faith gesture to its recent hacker. In mid-November, the Taipei-based investment firm was exploited via stolen API keys.
The crypto trading firm has since taken to its official X page to announce the security breach. It said the breach saw the hacker make off with a total of $25 million, a significant loss for the platform.
In an attempt to calm its users, Kronos issued the following statement via an X post:
“At present, we can confirm that the losses are about $26 million in crypto assets, and despite it being a sizable amount, Kronos remains in good standing. All losses will be covered internally, and no partners will be affected.”
Interestingly, it looks like one way that Kronos intends to cover the losses “internally” is by negotiating with the attacker. A recent message that Kronos sent to the hacker shows the firm requesting that the attacker return 90% of the stolen funds. This means that the attacker would get to keep the remaining 10%. Kronos also promises that there will be no further action from its end once these conditions are met, Etherscan reveals.
It is not exactly clear whether or not the hacker will choose to return the funds. However, Kronos may have subtly suggested in its message that failure to do so would result in the involvement of relevant authorities on the matter.
Kronos Research Hack: Another Proof of a Growing Trend of Hacker Negotiations
It is worth mentioning that the unfolding events in the Kronos hack point to the fact that public, on-chain negotiations between hackers and their victims have become increasingly common.
Just as with Kronos, KyberSwap also recently gave 10% away to an attacker who stole funds from the decentralized exchange. Similarly, Curve Finance did the same in August. It negotiated with hackers via transaction signing and also gave out the same 10%.
Whatever might be the case, these occurrences are gradually becoming a trend, one in which firms may unknowingly be encouraging continued bad behavior without any serious consequences for the hackers.
To put the above statement into perspective, over $1.2 billion has been stolen from decentralized finance (DeFi) protocols so far in 2023 alone, according to DeFiLlama.