Curve Finance is prepared to pay almost $2 million to anyone who can identify the malicious actor behind its exploit.
In the wake of a security breach that led to the loss of over $61 million from its liquidity pools on July 30th, Curve Finance, a decentralized finance (DeFi) protocol, is reaching out to the public with an enhanced bounty offer to identify the hacker.
Curve Finance and several other platforms hit by this cyber theft initially extended a 10% bug bounty on August 3rd, which amounted to over $6 million. To a certain extent, this strategy yielded results.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is an Automated Market Maker in Crypto? (Animated)
The hacker accepted the proposal and partially returned the stolen assets to Alchemix and JPEGd. However, other impacted pools have yet to receive any reimbursements. With the initial deadline expired, Curve now promises to reward a hefty sum of $1.85 million to anyone who can unmask the thief.
In an on-chain message, the company added, "If the exploiter chooses to return the funds in full, we will not pursue this further."
Before returning any funds, the attacker sent a message that seemingly targeted the Alchemix and Curve teams. The exploiter stated that the decision to return the funds was made out of the desire to save the projects, not out of fear of being caught. The on-chain message read:
I’m refunding not because you can find me, it’s because I don’t want to ruin your project.
The July 30th cyber-attack saw the exploit of over $61 million in cryptocurrencies from Curve's liquidity pools. The breakdown included $13.6 million from Alchemix's alETH-ETH pool, $11.4 million from JPEGd's pETH-ETH pool, and $1.6 million from Metronome's sETH-ETH pool. The attacker exploited stable pools through a reentrancy attack, targeting pools that used vulnerable versions of the Vyper programming language.
The breach laid bare vulnerabilities in several DeFi projects and has since sparked a scramble to retrieve the stolen funds within the ecosystem over the past week. This incident is a reminder of the continued risk and the need for improved security in the nascent DeFi sector.