Curve Finance, a decentralized finance (DeFi) protocol, is offering a bug bounty to anyone who can identify the exploiter responsible for draining over $61 million from its pools on July 30. In addition to Curve, other protocols affected by the attack have also offered a 10% bug bounty to the hacker, totaling more than $6 million. The hacker, who had already returned stolen assets to Alchemix and JPEGd, did not complete refunds to other affected pools. As the deadline for voluntary returns has passed, Curve is now extending the bounty to the public, offering a reward valued at 10% of the remaining exploited funds, which is currently worth $1.85 million. The on-chain message states that if the exploiter chooses to return the funds in full, no further action will be pursued by Curve.
Before returning the funds, the attacker left a message that seemed to be addressed to the Alchemix and Curve teams. The message expressed the intention to refund the funds not because of the fear of being caught, but because the attacker did not want to ruin the projects involved. The on-chain message read, “I’m refunding not because you can find me, it’s because I don’t want to ruin your project.”
The attack occurred on July 30 and resulted in the theft of over $61 million in cryptocurrencies from Curve’s pools. This included $13.6 million from Alchemix’s alETH-ETH, $11.4 million from JPEGd’s pETH-ETH, and $1.6 million from Metronome’s sETH-ETH. The hacker targeted stable pools using vulnerable versions of the Vyper programming language through reentrancy attacks.
The exploit has exposed vulnerabilities across DeFi projects and has sparked efforts to recover the stolen funds throughout the ecosystem over the past week.
Curve Finance and other affected protocols are determined to hold the exploiter accountable for their actions. By extending the bug bounty to the public, they hope that someone will come forward with information that can lead to the identification and conviction of the attacker in court. The reward for this information is valued at 10% of the remaining exploited funds, which currently amounts to $1.85 million.
The attack on Curve Finance and other protocols highlights the ongoing risks and challenges faced by DeFi platforms. Despite efforts to improve security and prevent such exploits, hackers continue to find vulnerabilities in these systems. It is crucial for DeFi projects to actively address these vulnerabilities and work towards enhancing the security of their platforms to protect users’ funds and maintain the integrity of the ecosystem.
Source link