Alchemix Announces Return of Stolen Funds
Alchemix, a lending platform, has reported that all the funds stolen by the Curve Finance hacker from Alchemix’s alETH-ETH pool have been returned. The hacker had exploited a reentrancy bug in the Vyper programming language used on Curve Finance to drain around $61 million from the protocol. Alchemix lost approximately $13.6 million in the attack, while other pools, such as JPEGd’s pETH-ETH pool and Metronome’s sETH-ETH pool, also saw significant outflows. In response, Alchemix, Metronome, and Curve Finance offered the hacker a 10% bug bounty as a reward for returning the stolen funds.
An Offer the Hacker Couldn’t Refuse
The three protocols gave the hacker until August 6th to accept their offer, warning that if the hacker refused or ignored their warning, they would expand the bounty to the public. They also stated that the hacker would face legal action and the full force of the law if they failed to comply. However, the hacker accepted the offer and returned the funds on August 4th. In a message on the Ethereum network, the hacker stated that they were refunding the funds because they did not want to ruin the impacted projects, not because they were caught or threatened with legal action.
Hacker Accepts Offer and Returns Funds
The hacker returned 1 alETH to the Curve Finance deployer account and made additional transfers totaling around 4820.55 alETH, which were sent to the Alchemix development team’s multisig wallet. In total, the hacker returned approximately $8.9 million worth of crypto assets, making up around 15% of the stolen funds. NFT protocol JPEG’d also confirmed that they had been refunded, with the hackers returning around 5495 ETH. As a result, Alchemix and JPEG’d will not be taking any legal action against the hackers.
DeFi Breathes a Sigh of Relief
The return of the stolen funds brings a sense of relief to the DeFi ecosystem, which was under pressure following the Curve Finance exploit. The hack had caused the value of the protocol’s CRV token to plummet and put major DeFi protocols at risk due to potential liquidation of loans. However, with the funds returned, the immediate threat has been mitigated, providing some respite to the DeFi community.
Hot Take
The prompt return of the stolen funds by the hacker is a positive outcome for Alchemix and the other affected protocols. It demonstrates the potential effectiveness of bug bounty programs in resolving security incidents and highlights the importance of open dialogue and negotiation in the crypto space. However, this incident also raises concerns about the vulnerabilities of smart contract programming languages and the need for ongoing security measures to protect DeFi platforms and their users.