Crypto trading firm Kronos Research negotiates with hacker after $26M security breach

In an unprecedented move within the cryptocurrency world, Kronos Research, a Taipei-based crypto trading firm, has extended a surprising olive branch to a hacker who recently exploited the company’s security vulnerabilities, resulting in a staggering loss of approximately $26 million in crypto assets. 

This unexpected gesture signals a growing trend of public negotiations between hackers and their victims, with victims opting to negotiate and offer a portion of the stolen funds to the attackers in exchange for the return of the remaining assets.

A significant security breach

Kronos Research made a public announcement through its official platform, acknowledging the security breach that occurred in mid-November. The breach allowed the hacker to abscond with $26 million worth of crypto assets, which undoubtedly constitutes a substantial setback for the trading firm. 

The breach primarily involved the theft of API keys, highlighting the inherent vulnerabilities associated with cryptocurrency trading platforms.

Kronos remains resilient

In response to the security breach, Kronos Research reassured its users through a statement posted on its official platform, referred to as “X.” The statement affirmed the company’s commitment to covering the entire loss internally, emphasizing that no partners or stakeholders would be adversely affected. While $25 million was initially reported as the loss, Kronos confirmed the actual amount as approximately $26 million in crypto assets.

The most intriguing aspect of Kronos Research’s response to the breach is the direct negotiation it initiated with the hacker responsible for the theft. In a message conveyed to the attacker, Kronos requested the return of 90% of the stolen funds, offering to allow the hacker to retain the remaining 10%. The company further pledged that no legal actions would be pursued once the conditions of returning the funds were met, as revealed by Etherscan data.

The outcome of these negotiations remains uncertain, and it ultimately depends on the hacker’s willingness to cooperate. However, Kronos Research subtly hinted that the involvement of relevant authorities could become a reality if the funds are not returned, casting a shadow of legal consequences over the situation.

A growing trend of hacker negotiations

The Kronos Research security breach underscores a broader trend in the cryptocurrency world: the emergence of public, on-chain negotiations between hackers and their victims. This trend has gained momentum as other crypto platforms have followed a similar path. KyberSwap recently conceded 10% of stolen funds to an attacker, while Curve Finance did the same back in August, also offering a 10% reward for the return of stolen assets.

The implications of this trend are far-reaching, as it may inadvertently incentivize bad actors to continue their illicit activities without facing severe repercussions. While it is essential to explore alternative means of recovering stolen assets, such negotiations may inadvertently create a new risk for the crypto industry.

The Kronos Research incident is just one example of a broader problem plaguing the cryptocurrency industry. In 2023 alone, more than $1.2 billion has been pilfered from Decentralized Finance (DeFi) protocols, as reported by DeFiLlama. These staggering losses underscore the pressing need for improved security measures and robust risk mitigation strategies within the decentralized finance sector.