Curve Finance Faces $60 Million Hack, Offers Public Bounty A week ago, the decentralized finance (DeFi) platform Curve Finance faced a major exploit with hackers stealing north of $60 million in funds.
Curve Finance Offers high bounty to whomever can trace the hacker
After a week of failing to meet the deadline to return the funds, Curve Finance has decided to drag the exploiter to court and pursue the case further.
Curve and other protocols impacted by the attack tried to stop the hacker and offered them a reward of 10% of the stolen funds, totaling more than $6 million. The hacker accepted the offer and returned some of the stolen assets to Alchemix and JPEGd.
However, it didn’t complete refunds to other affected pools. Now, since the deadline has passed, Curve Finance is offering a public bounty. Thus, anyone identifying the attacker shall receive rewards with assets worth $1.97 million. In an on-chain message, Curve Finance noted:
if the exploiter chooses to return the funds in full, we will not pursue this further…
“The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC. We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploited in a way that leads to a conviction in the courts,” adding that “if the exploiter chooses to return the funds in full, we will not pursue this further.”
Hacker Returns Funds to Alchemix, Curve Finance Pursues Legal Action Before returning the stolen funds, the attacker sent a message to the Alchemix and Curve teams, saying that they were doing it not because they were afraid of being caught, but because they didn’t want to harm their projects.
“I’m refunding not because you can find me, it’s because I don’t want to ruin your project,” as per the on-chain message by the attacker.
positive signs in the economy, crvUSD gets it together after the exploit
Stablecoin crvUSD Restores Peg After Curve Finance Exploit After a strong fall last week, it seems that Curve Finance’s native stablecoin crvUSD has restored its dollar peg.
Inside the July 30 Attack on Curve Finance: Reentrancy Attacks Explained The attack took place on July 30 and resulted in more than $61 million being stolen from Curve’s pools, including large amounts from Alchemix’s, JPEGd’s, and Metronome’s pools. The attacker used a technique called reentrancy attacks on vulnerable versions of the Vyper programming language to target stable pools.
1 Comment