Curve Finance opens bounty after exploiter’s return deadline expires

admin August 6, 2023August 6, 2023

[ad_1]

Decentralized finance (DeFi) protocol Curve Finance is extending a bug bounty supply to anybody who is ready to establish the exploiter liable for draining over $61 million from its swimming pools on July 30.

Curve and different protocols affected by the assault supplied a ten% bug bounty to the hacker on Aug. 3, totaling greater than $6 million. Upon accepting the supply, the hacker returned stolen assets to Alchemix and JPEGd, however didn’t full refunds to different affected swimming pools. Because the deadline has handed, anybody who can establish the attacker will now be rewarded with property value $1.85 million.

“The deadline for the voluntary return of funds within the Curve exploit handed at 0800 UTC. We now lengthen the bounty to the general public, and supply a reward valued at 10% of remaining exploited funds (at the moment $1.85M USD) to the one that is ready to establish the exploited in a approach that results in a conviction within the courts,” reads the on-chain message, including that “if the exploiter chooses to return the funds in full, we is not going to pursue this additional.”

The deadline for the CRV/ETH exploiter passeshttps://t.co/VphQ0bfYr2 pic.twitter.com/x8LP9Tx4rs

— Curve Finance (@CurveFinance) August 6, 2023

Previous to returning the funds, the attacker posted a message that seems to have been directed on the Alchemix and Curve groups, claiming to be prepared to return the funds solely as a result of they didn’t wish to “damage” the initiatives concerned. “I’m refunding not as a result of you’ll find me, it’s as a result of I don’t wish to damage your challenge,” reads the on-chain message.

The assault occurred on July 30 and resulted within the drain of over $61 million in cryptocurrencies from Curve’s swimming pools, together with $13.6 million from Alchemix’s alETH-ETH, $11.4 million from JPEGd’s pETH-ETH, and $1.6 million from Metronome’s sETH-ETH. The hacker focused secure swimming pools utilizing susceptible variations of the Vyper programming language by way of reentrancy assaults.

The exploit exposed vulnerabilities across DeFi projects and sparked efforts to recuperate stolen funds throughout the ecosystem over the previous week.

Magazine: How smart people invest in dumb memecoins — 3-point plan for success