Decentralized finance (DeFi) protocol Curve Finance is extending a bug bounty provide to anybody who is ready to determine the exploiter accountable for draining over $61 million from its swimming pools on July 30.
Curve and different protocols affected by the assault supplied a ten% bug bounty to the hacker on Aug. 3, totaling greater than $6 million. Upon accepting the provide, the hacker returned stolen assets to Alchemix and JPEGd, however didn’t full refunds to different affected swimming pools. Because the deadline has handed, anybody who can determine the attacker will now be rewarded with belongings value $1.85 million.
“The deadline for the voluntary return of funds within the Curve exploit handed at 0800 UTC. We now lengthen the bounty to the general public, and provide a reward valued at 10% of remaining exploited funds (at the moment $1.85M USD) to the one who is ready to determine the exploited in a approach that results in a conviction within the courts,” reads the on-chain message, including that “if the exploiter chooses to return the funds in full, we is not going to pursue this additional.”
— Curve Finance (@CurveFinance) August 6, 2023
Previous to returning the funds, the attacker posted a message that seems to have been directed on the Alchemix and Curve groups, claiming to be keen to return the funds solely as a result of they didn’t wish to “destroy” the tasks concerned. “I’m refunding not as a result of yow will discover me, it’s as a result of I don’t wish to destroy your undertaking,” reads the on-chain message.
The assault occurred on July 30 and resulted within the drain of over $61 million in cryptocurrencies from Curve’s swimming pools, together with $13.6 million from Alchemix’s alETH-ETH, $11.4 million from JPEGd’s pETH-ETH, and $1.6 million from Metronome’s sETH-ETH. The hacker focused secure swimming pools utilizing weak variations of the Vyper programming language via reentrancy assaults.
The exploit exposed vulnerabilities across DeFi projects and sparked efforts to get well stolen funds throughout the ecosystem over the previous week.