Curve, Metronome, and Alchemix, three decentralized finance (DeFi) platforms, have united to recover stolen funds from a recent exploit that occurred in Curve’s pools. The exploit took place on July 30, resulting in the theft of approximately $70 million in cryptocurrencies. Additionally, it was observed that Curve’s native token, CRV, suffered a sharp price decline from $0.73 to $0.5 after the attack.
To recover the funds, the protocols are offering a 10% bounty as a reward to whoever is responsible for the exploit if they return the remaining 90%. The deadline for this voluntary return is August 6 at 8:00 a.m. UTC.
To encourage a peaceful resolution, the protocols assure that there will be no legal actions or involvement of law enforcement if the responsible party steps forward and returns the funds voluntarily. They have set up a direct channel for communication via firstname.lastname@example.org, and any party wanting to negotiate must verify their ownership of the email address on-chain.
However, if the responsible party chooses not to cooperate by the specified deadline, the bounty will be increased to 10% and offered to anyone who can identify them and lead to their conviction in court. The trio will pursue all legal avenues to bring the perpetrator to justice.
The attack exploited a critical vulnerability in versions of the Vyper programming language, affecting four liquidity pools on Curve Finance that were using vulnerable versions (0.2.15, 0.2.16, and 0.3.0). The incident has caused concern and uncertainty within the crypto community, raising worries about potential implications for the DeFi ecosystem.
A similar activity was previously observed in a report by Todayq News on March 13, 2023, where hackers carried out a significant flash loan assault on the decentralized finance (DeFi) platform Euler Finance, resulting in the theft of a substantial $195 million. This incident marked the largest attack of 2023 up until that point. The stolen funds were subsequently transferred to two new wallets, with one of them containing DAI tokens and Ethereum (ETH) stablecoins. Euler Finance had confirmed the occurrence of the hack.
On March 15, 2023, Euler Finance issued a request to the responsible hacker, urging them to return 90% of the stolen funds or face legal consequences. The platform also offered a bounty of nearly $20 million as an alternative to litigation.