Curve Finance Offers Bug Bounty for Identifying Hacker Responsible for $61 Million Drain
Curve Finance, a decentralized finance (DeFi) protocol, is extending a bug bounty offer to anyone who can identify the exploiter behind the $61 million drain from its pools on July 30. The hacker returned stolen assets to Alchemix and JPEGd but did not complete refunds to other affected pools. As the deadline has passed, anyone who can identify the attacker will now be rewarded with assets worth $1.85 million.
Key Points:
- Curve Finance is offering a bug bounty to identify the hacker responsible for draining $61 million from its pools.
- The hacker returned stolen assets to some pools but not others.
- The deadline has passed, and now anyone who can identify the attacker will be rewarded with assets worth $1.85 million.
- The attacker posted a message stating they were willing to return the funds to avoid “ruining” the projects involved.
- The attack exposed vulnerabilities in DeFi projects and prompted recovery efforts across the ecosystem.
Prior to returning the funds, the attacker left a message suggesting they were only refunding because they didn’t want to harm the projects involved. The attack targeted vulnerable versions of the Vyper programming language through reentrancy attacks. It drained a total of $61 million from Curve’s pools, including significant amounts from Alchemix, JPEGd, and Metronome. The incident highlighted vulnerabilities in DeFi projects and led to collaborative recovery efforts in the ecosystem.
Hot Take:
The bug bounty offered by Curve Finance reflects the importance of addressing security vulnerabilities in the DeFi space. By incentivizing the identification of the attacker, Curve aims to further enhance the security of its protocol and prevent similar incidents in the future. This incident serves as a reminder for all DeFi projects to prioritize security measures and collaborate to protect users’ funds.
By
By
By
By
By