JPEG’d, a decentralized lending protocol enabling users to borrow against their NFT collateral, faced a major challenge when a hacker stole $11.6 million in crypto from Curve Finance. However, in a surprising turn of events, the hacker decided to return 5,495 ETH (equivalent to $10 million) that was stolen on July 30. As a gesture of appreciation for the return, the JPEG’d team rewarded the hacker with a bounty of 610.6 ETH, valued at $1.1 million.
The returned funds were safely deposited into the JPEG’d decentralized autonomous organization multi-sig wallet address. With this resolution, the team considers the incident a “white-hat rescue,” signifying that the hacker acted with good intentions and helped secure the platform.
The wider DeFi ecosystem suffered a significant blow in late July when multiple liquidity pools on Curve Finance were drained due to a security vulnerability in the Vyper smart contract programming language. The total losses amounted to an estimated $70 million in crypto. Among the affected projects were Ellipsis, Alchemix, Metronome, and Curve Finance, with approximately $22 million worth of Curve DAO (CRV) tokens lost.
Despite the challenges, the return of the stolen funds brings some relief to the impacted projects and the DeFi community as a whole. Efforts to strengthen security measures and enhance smart contract programming languages are likely to follow, aiming to prevent such incidents in the future.
Apart from JPEG’d, the Curve Finance exploiter has returned a total of 4,819 $alETH and 2259 $ETH so far to the Alchemix Finance team and also 1 ETH to the Curve Finance team, but it is still not confirmed by the team officially.
Whereas, Michael Egorov, the founder of Curve (CRV), faces a liquidity crisis due to the “Reentrancy Hack.” He sold almost 106 million CRV for $42.41 million but still has $65.34 million in debt. He holds nearly 346.93 million CRV ($220.4 million) as collateral on five platforms, at risk of liquidation. Recently, on August 4, 2023, he sold around 34 million CRV for $19 million to repay some more debts.
However, on August 4, 2023, Curve, Metronome, and Alchemix, three DeFi platforms, made a joint announcement about their partnership to recover $70 million that was stolen in a recent exploit. They have also proposed a 10% reward for the attacker if they choose to return 90% of the stolen funds by August 6.