Cybersecurity Rewards Initiative: Kronos Research Extends 10% Bonus for Crypto Trading Protection

In mid-November, Kronos Research found itself at the center of a cybersecurity incident, as API keys were compromised, leading to the illicit acquisition of $25 million by an unauthorized actor.

The cryptocurrency trading and investment firm, headquartered in Taipei, has proactively engaged in discussions with the responsible hacker involved in the misappropriation of $25 million from its treasury earlier this month. Information gleaned from Etherscan indicates that Kronos reached out to the hacker, proposing the return of 90% of the embezzled funds as a resolution to the situation.

Source: Etherscan 

Last week, Kronos Research publicly disclosed the security breach through a post on X, revealing that an unidentified entity had gained unauthorized access to its API keys. Validation from blockchain experts ZachXBT and Lookonchain subsequently confirmed the miscreant's successful withdrawal of $25 million, primarily in stablecoins.

In the interest of transparency
Around 4 hours ago, we experienced unauthorized access of some of our API keys. We paused all trading while we conduct an investigation. Potential losses are not a significant portion of our equity and we aim to resume trading as soon as possible.

— Kronos Research ???? (@ResearchKronos) November 18, 2023

Looks possibly like $20.3M+ (12800+ ETH)

0x2b0502FDab4e221dcD492c058255D2073d50A3ae pic.twitter.com/sLnFA0VXhk

— ZachXBT (@zachxbt) November 18, 2023

KronosResearch was attacked and lost ~$25.65M, including 24.57M $USDT, 488.7 $ETH($959K) and 125,056 $USDC.

24.57M $USDT was swapped to 12,457 $ETH and 125,056 $USDC was swapped to 63.6 $ETH.

All 13,010 $ETH was transferred to 7 wallets, of which 1 $ETH to #ChangeNOW. pic.twitter.com/FztcM8YZHS

— Lookonchain (@lookonchain) November 19, 2023

Providing further updates on the situation, Kronos posted on X, confirming crypto asset losses of approximately $26 million. Despite the substantial financial setback, the firm asserts its continued stability, assuring that the entire loss will be internally covered, with no adverse impact on its partners.

KronosResearch was attacked and lost ~$25.65M, including 24.57M $USDT, 488.7 $ETH($959K) and 125,056 $USDC.

24.57M $USDT was swapped to 12,457 $ETH and 125,056 $USDC was swapped to 63.6 $ETH.

All 13,010 $ETH was transferred to 7 wallets, of which 1 $ETH to #ChangeNOW. pic.twitter.com/FztcM8YZHS

— Lookonchain (@lookonchain) November 19, 2023

The landscape of negotiations between hackers and their victims is evolving, with an increasing trend toward public and on-chain interactions. In a recent incident involving the exploitation of KyberSwap, the attacker went as far as signing one of the transactions that siphoned funds from the decentralized exchange, expressing the intention to initiate negotiations after being "fully rested." In an attempt to recover stolen funds, KyberSwap offered the hacker a 10% bounty.

This strategic approach echoes a similar case in August when Curve Finance opted for a 10% bounty incentive to persuade hackers to return stolen crypto. The negotiation process was facilitated through transaction signing. Throughout the year, the decentralized finance (DeFi) sector has experienced thefts exceeding $1.2 billion from various protocols, according to reports from DeFiLlama.

Read More: Grayscale's GBTC Discount Narrows Amid ETF Optimism: Lowest Since July 2021