Curve Finance, a popular decentralized (DeFi) protocol, has recently announced that it was rewarding persons capable of identifying the exploiters behind the draining of over $61 million from the platform\u2019s stable pools on July 30.\u00a0<\/p>\n
The huge bounty offer is open to every person who can pinpoint the individual behind the incident in such a way that would lead to definitive legal repercussions.\u00a0<\/p>\n
Curve Finance announced<\/a> the public offer using an Ethereum transaction\u2019s input data, noting that the allowed time for the voluntary return of the funds connected to the Curve exploit was 08:00 UTC, and that time is now elapsed.\u00a0<\/p>\n Curve and other protocols that were affected by the attack had previously offered<\/a> a 10% bug bounty to the hacker on August 3. Upon agreeing to the offer, the hacker returned<\/a> part of the stolen assets to JPEGd and Alchemix but did not refund other affected pools.\u00a0<\/p>\n Since the time allowed has elapsed, Curve announced that any person capable of identifying the hacker would receive assets worth $1.85 million. This recent announcement was extended in scope to include members of the general public.\u00a0<\/p>\n According to Curve, while the deadline for the voluntary return of stolen funds had passed, should the hacker elect to return the stolen funds, the platform \u201c\u2026will not pursue this further.\u201d\u00a0<\/p>\n While returning the parts of the funds earlier, the hacker left a message that was seemingly targeted at Curve and Alchemix teams, noting their intention to return the funds. However, the hacker stated that the decision to return such funds was not based on fear of being recognized but rather out of a desire not to \u201cruin\u201d the projects associated with the exploit.<\/p>\n\n Members of the Curve Finance community were left shocked after a hacker utilized vulnerable versions of the Vyper programming language to implement reentrancy attacks<\/a> on stable pools within Curve Finance on the 31st of July.\u00a0<\/p>\n The attack drained Curve Finance of over $61 million, including $13.6 million from Alchemix\u2019s aIETH-ETH, $11.4 million from JPEGd\u2019s pETH-ETH, and $1.6 million from Metronome\u2019s sETH-ETH. The event raised concerns about the likely fallout in the cryptocurrency ecosystem, especially with respect to the risks posed to every pool using Wrapped Ether (WETH).<\/p>\n The DeFi community rallied around to provide support to Curve Finance and on the 31st of July, a white hat hacker was able to successfully recover from the exploiter about 2,879 Ether worth about $5.4 million, which was later returned to Curve Finance. Another ethical hacker also recovered about 3,000 ETH and refunded it to Curve Finance\u2019s deployer address.\u00a0<\/p>","protected":false},"excerpt":{"rendered":" <\/p>\n Curve Finance, a popular decentralized (DeFi) protocol, has recently announced that it was rewarding persons capable of identifying the exploiters behind the draining of over $61 million from the platform\u2019s stable pools on July 30.\u00a0<\/p>\n The huge bounty offer is open to every person who can pinpoint the individual behind the incident in such a way that would lead to definitive legal repercussions.\u00a0<\/p>\n Curve Finance announced<\/a> the public offer using an Ethereum transaction\u2019s input data, noting that the allowed time for the voluntary return of the funds connected to the Curve exploit was 08:00 UTC, and that time is now elapsed.\u00a0<\/p>\n Curve and other protocols that were affected by the attack had previously offered<\/a> a 10% bug bounty to the hacker on August 3. Upon agreeing to the offer, the hacker returned<\/a> part of the stolen assets to JPEGd and Alchemix but did not refund other affected pools.\u00a0<\/p>\n Since the time allowed has elapsed, Curve announced that any person capable of identifying the hacker would receive assets worth $1.85 million. This recent announcement was extended in scope to include members of the general public.\u00a0<\/p>\n According to Curve, while the deadline for the voluntary return of stolen funds had passed, should the hacker elect to return the stolen funds, the platform \u201c\u2026will not pursue this further.\u201d\u00a0<\/p>\n While returning the parts of the funds earlier, the hacker left a message that was seemingly targeted at Curve and Alchemix teams, noting their intention to return the funds. However, the hacker stated that the decision to return such funds was not based on fear of being recognized but rather out of a desire not to \u201cruin\u201d the projects associated with the exploit.<\/p>\nThe $61 Million Reentrancy Attack<\/h2>\n
Curve Finance Extends Bounty Offer to the Public<\/h2>\n
The $61 Million Reentrancy Attack<\/h2>\n