Although a hacker returned some of the money, most is still missing
Decentralized finance (DeFi) protocol Curve Finance is offering a bug bounty to anyone that can identify the parties responsible for sapping over $61 million from its pools on July 30. Although some of the money was returned, there’s still a lot more out there.
A 10% bug bounty was offered to the hacker by Curve and other protocols on August 3 for over $6 million. After accepting the offer, the hacker returned the stolen assets to Alchemix and JPEGd, but nothing was refunded to other pools affected by the breach. Now that the deadline has passed, anyone identifying the hacker will win a reward worth $1.85 million.
“The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC. We now extend the bounty to the public and offer a reward valued at 10% of remaining exploited funds (currently $1.85 million) to the person who is able to identify the exploited in a way that leads to a conviction in the courts,” says the on-chain message. It added, “If the exploiter chooses to return the funds in full, we will not pursue this further.”
The attacker posted a message before returning the funds, which appeared to be directed at the Alchemix and Curve teams, saying, “I’m refunding not because you can find me, it’s because I don’t want to ruin your project.”
The July 30 attack resulted in the theft of more than $61 million in cryptocurrencies from Curve’s pools, $13.6 million from Alchemix’s alETH-ETH, $1.6 million from Metronome’s sETH-ETH, and $11.4 million from JPEGd’s pETH-ETH. Stable pools using vulnerable renditions of the Vyper programming language were targeted through the reentrancy attacks.
These most recent attacks have exposed DeFi projects’ vulnerabilities and have boosted efforts to recover stolen funds across the entire ecosystem in the past week.
Editor-in-Chief of the Big Blind, a prominent gambling industry publication, brings 30+ years of journalism experience to his role. His vision emphasizes clarity, accessibility, and responsible journalism, making the Big Blind a trusted source in the online gambling sector.