Curve Finance Offers 10% Bounty to Hacker Who Stole Millions of Dollars

Curve Finance, a prominent decentralized finance (DeFi) protocol, has partnered with Metronome and Alchemix to offer a 10% bounty to the hacker who exploited a vulnerability in its smart contracts and stole millions of dollars from various DeFi platforms. The hacker has until August 6 to return the stolen funds and claim the bounty, or face legal consequences.

Key Takeaways

  • Curve Finance has offered a 10% bounty to the hacker who stole millions of dollars from the platform.
  • The hacker exploited a flaw in Vyper, a programming language for Ethereum smart contracts.
  • The hack has caused a significant drop in the TVL of DeFi platforms.
  • After the August 6 deadline, the bounty will be offered to other whitehat hackers who can help the exchanges recover the stolen funds.

We wrote an article on how Curve Finance pools were exploited due to a reentrancy vulnerability. Here is a short summary:

On July 30, Curve Finance reported that several pools written in the Vyper programming language had been hacked, leading to losses of over $47M. The exploit was made possible by flaws in certain versions of the Vyper compiler, which failed to correctly implement the reentrancy guard. The vulnerability affected Vyper versions 0.2.15, 0.2.16, and 0.3.0, compromising the security of numerous contracts across the platform.

The Bounty

The hacker stole an estimated $60 – $70 million from Curve Finance, Alchemix, and Metronome. Curve Finance has said that it is willing to drop the matter and not pursue legal action if the hacker returns the funds voluntarily by August 6. However, if the hacker does not comply, Curve Finance and the other affected projects will offer the same 10% bounty to anyone who can identify the hacker and help get them convicted in court.

Curve, Metronome, and Alchemix wrote:

“We as a group … would like to discuss a bounty with any parties who were involved in the recent Curve exploits. We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%.”

Curve Finance also wrote on Twitter/X:

Consequences of the Hack

The hack has caused a significant drop in the total value locked (TVL) of DeFi platforms, as investors and liquidity providers have withdrawn more than $3 billion from DeFi services since July 30. Investors in DeFi are concerned that the present state of the market might cause an industry-wide contagion. The hack has also raised questions about the security and reliability of Vyper smart contracts, which are used by many DeFi protocols.

As per DefiLlama data, the TVL fell from $43.81 billion to $40.59 billion at the time of writing this article. Two DeFi protocols, Curve Finance and Convex Finance, bore two-thirds of the brunt.

[Figure: Curve Finance Offers 10% Bounty to Hacker. Source: DeFiLlama]


Author’s Take 

The offer of a 10% bounty by Curve Finance and other DeFi platforms is an example of how DeFi projects can work together to recover from such incidents and deter future attacks. It remains to be seen whether the hacker will accept the offer or face legal action. Either way, this hack will likely have lasting implications for the DeFi sector and its users.

Such incidents reduce the trust of investors and users in the DeFi ecosystem; therefore, a robust system is needed for DeFi to flourish in the future.
