Curve Finance opens bounty after exploiter’s return deadline expires
Ana Paula Pereira, 11 hours ago
Curve Finance is extending a $1.85 million bug bounty offer to anyone who can identify the exploiter of its stable pools.
Decentralized finance (DeFi) protocol Curve Finance is extending a bug bounty offer to anyone who is able to identify the exploiter responsible for draining over $61 million from its pools on July 30.
Curve and other protocols affected by the attack offered a 10% bug bounty to the hacker on Aug. 3, totaling more than $6 million. Upon accepting the offer, the hacker returned stolen assets to Alchemix and JPEGd, but did not complete refunds to other affected pools. As the deadline has passed, anyone who can identify the attacker will now be rewarded with assets worth $1.85 million.
“The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC. We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploited in a way that leads to a conviction in the courts,” reads the on-chain message, which adds that “if the exploiter chooses to return the funds in full, we will not pursue this further.”
The deadline for the CRV/ETH exploiter passes https://t.co/VphQ0bfYr2 pic.twitter.com/x8LP9Tx4rs — Curve Finance (@CurveFinance) August 6, 2023
Prior to returning the funds, the attacker posted a message that appears to have been directed at the Alchemix and Curve teams, claiming to be willing to return the funds only because they didn’t want to ruin the projects involved. “I’m refunding not because you can find me, it’s because I don’t want to ruin your project,” reads the on-chain message.
The attack occurred on July 30 and resulted in the drain of over $61 million in cryptocurrencies from Curve’s pools, including $13.6 million from Alchemix’s alETH-ETH, $11.4 million from JPEGd’s pETH-ETH and $1.6 million from Metronome’s sETH-ETH. The hacker used reentrancy attacks to target stable pools using vulnerable versions of the Vyper programming language.
The exploit exposed vulnerabilities across DeFi projects and sparked efforts to recover stolen funds across the ecosystem over the past week.