|

Crypto News

After The Deadline For The Exploiter’s Return Has Passed, Curve Finance Opens A Bounty

Author

Jay Solano

Tags

Reading time

2 mins
Last update

Author

Jay Solano

Tags

Reading time

2 mins
Last update

Author

Jay Solano

Tags

Reading time

2 mins
Last update

curve

Join our growing community


Curve Finance is offering $1.85 million for stable pool exploiters.

Curve Finance, a decentralized finance (DeFi) technology, is offering a bug bounty to find the exploiter who stole $61 million from its pools on July 30. 

On Aug. 3, Curve and other impacted protocols awarded a 10% bug prize to the hacker, totaling over $6 million. The hacker refunded Alchemix and JPEGd but not other affected pools after accepting the offer. After the deadline, identifying the attacker will get $1.85 million.

“The Curve exploit voluntary fund return deadline passed at 0800 UTC. “We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploited in a way that leads to a conviction in the courts,” reads the on-chain message. “If the exploiter chooses to return the funds in full, we will not pursue this further.”

The attacker released a message that appears to have been addressed at the Alchemix and Curve teams, suggesting they would return the monies only to avoid ruining the projects. “I’m refunding not because you can find me, it’s because I don’t want to ruin your project,” reads the on-chain message.

The July 30 hack drained over $61 million in cryptocurrencies from Curve’s pools, including $13.6 million from Alchemix’s alETH-ETH, $11.4 million from JPEGd’s pETH-ETH, and $1.6 million from Metronome’s sETH-ETH. Reentrancy attacks targeted stable pools running vulnerable Vyper programming languages.

Over the past week, DeFi projects’ weaknesses were exposed, prompting efforts to retrieve stolen monies.