In a recent twist of events, the perpetrator behind the attack on Curve Finance has initiated the process of returning the stolen funds. This move comes in response to Curve‘s firm stance against the disruptive attack and its on-chain “final warning” issued earlier.
Curve’s Determined “Final Warning” and Reward Offer
On August 4th, Curve Finance publicly confronted the hacker behind the attack with an on-chain “final warning.” In a tweet, Curve announced their willingness to offer a reward to the hacker. If the individual agreed to return the stolen funds to the project, they would be entitled to 10% of the lost assets. The proposition aimed to strike a balance between recovering the assets and encouraging cooperation with the attacker.
Read more: Huobi’s Co-Founder Acquires 10 Million CRV Tokens to Support Curve
Hacker Initiates Return of Stolen Assets
In a surprising twist, the hacker responded to Curve’s ultimatum by initiating the process of returning the pilfered funds. On the evening of August 4th, the hacker’s accounts took action, returning 6,107 ETH (approximately 11 million USD) from their front-run pool pETH-ETH at JPEG’d. Additionally, the hacker pool at Alchemix sent 1 alETH to the Curve Finance Deployer wallet. The move indicates a possible willingness on the part of the hacker to cooperate with the project and return the stolen assets.
In a surprising turn of events, the JPEG’d DAO recovered 5,494.4 WETH, reclaiming stolen funds after a recent exploit in the Curve Finance ecosystem. The hacker returned the majority of the funds, expressing an altruistic motive, and was awarded a 10% white-hat bounty for their efforts. This incident underscores the importance of security measures in DeFi and highlights the potential for unexpected outcomes in the blockchain landscape. It emphasizes the value of ethical hackers in improving project security and calls for continued vigilance to ensure the growth and resilience of projects like Curve Finance.
The hacker’s statement shared on-chain, conveyed an altruistic motivation for the act of restitution. Rather than fearing potential repercussions, the hacker emphasized a desire not to cause harm to the project and acknowledged that the amount may not have a significant impact on their own financial situation.
Curve Finance Hit by Mass Attack: Millions Lost from Repeated Exploits
As Coinwire reported that Curve Finance pools got hit by a $47M reentrancy vulnerability a couple of days ago. The incident targeted a series of stable pool pools utilizing the Vyper 0.2.15 programming language, resulting in significant losses for various projects. The attack began with JPED’d, an NFT loan project, reporting an attack on the pETH-ETH liquidity pool, leading to losses of approximately $11.4 million USD. Subsequently, the sETH-ETH team of the Metronome project faced a withdrawal of over $1.6 million USD. Several other projects, including Alchemix, Debridge, and Elippsis, also reported similar instances.
As a consequence, more than $42 million has been withdrawn from Curve groups due to these repeated exploits, as stated by security firm BlockSec. The DeFi community remains on high alert as the situation unfolds, and measures are being taken to address the vulnerabilities and strengthen the platform’s security.
Conclusion
Curve Finance’s “final warning” has proven effective, with the hacker now returning the stolen funds. The crypto community remains vigilant as they acknowledge the significance of this response in securing the DeFi ecosystem. This incident highlights the importance of security and collaboration within the space. The return of the assets marks a significant step towards restoring trust and safeguarding DeFi’s integrity. Going forward, this event may set a precedent for proactive and cooperative approaches to handling decentralized attacks.