Exploited Curve Finance has openly offered $1.85M in bounty to anyone who can identify the hacker who recently exploited the project and made away wit
Exploited Curve Finance has openly offered $1.85M in bounty to anyone who can identify the hacker who recently exploited the project and made away with funds worth several million.
The decentralized finance protocol made this known in an unencrypted message to the public via Etherscan, offering up to the tune of 10% of the unreturned funds. In a move to seek community support, Curve Finance offers a mouth-watering incentive to person(s) who can identify the hacker.
Curve Finance offers hackers 10% of stolen funds
On July 30, Curve Finance fell victim to a hack that saw the exploiters making away with over $60 million worth of stolen funds. The cause of the fraud was attributed to a vulnerability in reentrancy locks on several versions of the Vyper programming language.
Following the hack, Curve Finance and other affected protocols including self-repaying loan platform Alchemix and NFT-staking platform JPEG’d offered 10% of the stolen funds (0ver $60 million) to the exploiters on a condition that they return 90% on or before August 6.
The hackers agreed to the offer and returned some of the assets to Alchemix and JPEG’d still holding back $18.5 million. Since the complete amount as agreed wasn’t returned, and the deadline passed, Curve Finance extended the bounty to the public to help identify the perpetrators and consequently charge them to court.
Related Reading: Curve Finance TVL Drops Over $1B as Users Immediately Withdraw Funds
The deadline for the CRV/ETH exploiter passeshttps://t.co/VphQ0bfYr2 pic.twitter.com/x8LP9Tx4rs
— Curve Finance (@CurveFinance) August 6, 2023
Consequently, Curve Finance changes its stance and now requests for the stolen funds to be returned in full, as anything short of 100% will attract legal action taken against them.
In a statement on the X platform (formerly Twitter), Curve Finance categorically stated that even though the deadline for the refund has passed, it will not pursue the case further if the hackers choose to return the stolen funds in full.
“The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC. We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploited in a way that leads to a conviction in the courts,” “if the exploiter chooses to return the funds in full, we will not pursue this further.”
Hackers returned stolen funds in goodwill?
Prior to the refunds, the hackers sent an on-chain message to the teams behind Alchemix and JPEG’d stating that they are returning the funds solely because they don’t want to “ruin the project.” This reason is opposed to public speculation that the funds were being returned because the hackers were scared that they will be caught.
“I’m refunding not because you can find me, it’s because I don’t want to ruin your project,” the hacker said.
crvUSD stablecoin reacts
Following the exploit last week, Curve Finance stablecoin crvUSD was severely affected as it dropped from its $1 peg to about $0.998. However, recent data shows that the stablecoin has begun to recover and restore its dollar peg, rising to $0.9992 at press time.
Source: CoinMarketCap
COMMENTS