Curve Finance, a popular DeFi project, is taking measures to identify the exploiter responsible for draining over $61 million from its pools on July 30. Although the hacker returned some stolen funds to projects Alchemix and JPEGd after being offered a 10% bug bounty, Curve Finance is now offering a $1.85 million public bounty to anyone who can accurately identify the exploiter and lead to legal repercussions unless the funds are returned in full.
The hacker utilized vulnerable versions of the Vyper programming language to execute reentrancy attacks on targeted stable pools, resulting in substantial losses for the project. While the exploiter returned some stolen crypto to two projects, they did not refund the other exploited pools.
Curve Finance had set a deadline for the voluntary return of the stolen funds, which has now passed. In response, they have publicly announced the bounty and offered a reward equivalent to 10% of the remaining exploited funds (currently valued at USD 1.85 million) to the person who can identify the hacker in a way that leads to a conviction in the courts.
The DeFi protocol clarified that they would not pursue legal action if the exploiter fully returns the funds, demonstrating a willingness to resolve the situation peacefully. The entire message regarding the bounty was also shared on X (formerly Twitter), raising awareness about the initiative.
The DeFi space continues to face security challenges, and projects are increasingly focused on protecting their users’ funds and the integrity of the ecosystem. By offering a substantial bounty, Curve Finance aims to incentivize individuals to come forward with information to help identify and hold the exploiter accountable for their actions.
As the situation unfolds, the DeFi community will closely monitor developments, hoping for the hacker’s identification and the return of the remaining stolen funds. The incident serves as a reminder of the importance of robust security measures in the DeFi sector and the need for continued efforts to combat malicious actors.
