Decentralized Exchange Curve Finance Offers 10% Bug Bounty to Attackers
Curve Finance has partnered with Metronome and Alchemix to offer a 10% bug bounty to the attackers responsible for the recent exploit on their platforms. The exploit resulted in over $50 million being stolen from the pools. According to an on-chain message, the protocols are willing to drop the case if the attackers return 90% of the funds, keeping 10% for themselves.
Key points:
– The exploit occurred on July 30, affecting four Curve Finance pools.
– The attackers used a malfunctioning re-entrancy lock in the Vyper programming language to access the pools.
– Metronome, Alchemix, and Ellipsis were also impacted by the hack, with estimated losses above $50 million.
– The protocols have given the attackers until August 6 to return 90% of the funds or the bounty will be offered to the public.
– If the hackers choose not to comply, anyone who can identify them and lead to their conviction will receive the full 10% bounty.
Roughly $5.4M Returned by White Hat Hacker
A white hat hacker named c0ffeebabe.eth has already returned 2,879 ETH (worth approximately $5.4 million) to the protocol deployer address. The hacker exploited one of Curve Finance’s pools to prevent further losses. The platforms have provided an email address for the attackers to contact them for negotiations, but ownership verification of the stolen funds is required before any discussions can take place.
Hot Take
Curve Finance, Metronome, and Alchemix are taking a unique approach to recover the stolen funds by offering a bug bounty to the attackers. This strategy aims to incentivize the return of the majority of the funds in a peaceful manner. However, it remains to be seen whether the attackers will comply or if the bounty will be offered to the public. The return of a significant portion of the stolen funds by a white hat hacker adds an interesting twist to the situation.
By
By
By