Decentralized exchange Curve Finance has partnered with Metronome and Alchemix to offer a 10% bug bounty to the attackers responsible for the recent exploit that resulted in over $50 million being stolen from the platforms’ pools. In an on-chain message, the protocols have proposed that they will drop the case if the attackers return 90% of the stolen funds, allowing them to keep 10% for themselves.
On July 30, four Curve Finance pools were exploited using the Vyper programming language, which led to a malfunctioning re-entrancy lock. This exploit affected decentralized finance protocols such as Metronome, Alchemix, and Ellipsis. Although the exact amount lost in the hack is still unclear, it is estimated to be over $50 million.
Curve Finance, Metronome, and Alchemix have taken steps to recover the funds by reaching out to the attackers on-chain. They have offered immunity from law enforcement issues if the attackers comply with their proposal. The trio has given the hackers until August 6 to return 90% of the funds. If the deadline is not met, the bounty will be made public, and anyone who can identify the attackers will receive the full 10% reward.
To facilitate negotiations, the platforms have provided an email address for the exploiters to contact them as soon as possible. However, the exploiters must verify their ownership of the addresses holding the stolen funds before any discussions can take place.
In a positive turn of events, a white hat hacker named c0ffeebabe.eth has already returned 2,879 ETH worth approximately $5.4 million to the protocol deployer address on July 31. This action was taken to prevent further losses on the exchange.
The collaboration between Curve Finance, Metronome, and Alchemix demonstrates their commitment to recovering the stolen funds and holding the attackers accountable. By offering a bug bounty and engaging with the hackers, they aim to resolve the situation while minimizing the impact on their respective communities.
It remains to be seen whether the attackers will comply with the proposal and return the majority of the stolen funds. If they fail to do so, the public will be enlisted to assist in identifying the culprits, with the promise of a substantial reward for successful conviction.
This ongoing incident highlights the importance of robust security measures within the cryptocurrency space. As the industry continues to evolve, it is crucial for platforms to remain vigilant against potential exploits and vulnerabilities.