The hackers responsible for the recent attack on Curve Finance have returned approximately 73% of the stolen assets, amounting to around $52.3 million. This comes after the decentralized exchange suffered a reentrancy attack that affected four pools using a specific version of the Ethereum Virtual Machine smart contract programming language Vyper. The hack also impacted other decentralized finance protocols, including Metronome, Alchemix, and Ellipsis.
In an effort to recover the remaining $19.7 million, Curve, Metronome, and Alchemix reached out to the attackers, offering a 10% bug bounty in exchange for the return of 90% of the stolen assets. They set a deadline for the assets to be returned, after which they would involve law enforcement. However, less than 24 hours after the proposal, one of the exploiters sent back a significant portion of the funds to Alchemix, worth $8.9 million.
Over the weekend, most of the funds were returned to the affected protocols. Alchemix received all of its lost assets, totaling $22 million in ETH and alETH. JPEG’d, another affected protocol, received $10.1 million in WETH. Additionally, white hat hackers returned the $13 million taken from Alchemix during the exploit, and Metronome received $1.4 million. It’s important to note that the hackers kept 10% of the funds, as Curve had offered.
Since the deadline has passed, Curve has extended a 10% bounty for the remaining funds to the public. However, they stated that the offer would end if the exploiter chose to return the funds in full.
Overall, Curve Finance has managed to recover a significant portion of the stolen assets, showcasing the resilience and determination of the decentralized finance community in combating such attacks. The incident highlights the importance of robust security measures and the ongoing efforts to enhance the security of decentralized exchanges and protocols in the crypto space.