Curve Finance Recovers over 70% of Hacked Funds: Report
The hackers who exploited Curve Finance have returned 73%
of the tokens stolen from the decentralized finance (DeFi) platform. So far,
the amount of tokens returned is estimated at USD $53 million, according
to a report by a blockchain data analytics platform.
About a week ago, Curve
Finance, the DeFi platform for stablecoins, was exploited through a reentrancy bug on its smart contracts programming language, Vyper. The exploit led to price
volatility in CRV, the native token of the DeFi platform. Additionally, it
prompted the cryptocurrency exchange Upbit to suspend deposits and withdrawals of the
token.
“A number of
stablepools (alETH/msETH/pETH) which are using Vyper 0.2.15 have been exploited
as a result of a malfunctioning reentrancy lock,” Curve Finance said.
“We are assessing the situation and will update the community as things
develop.”
However, according to a post by PeckShield on X social
media platform, ethical hackers are beginning to return the spoils. All the
tokens, worth USD $22 million, stolen from the lending protocol AlchemixFi have
reportedly been returned. This amount comprises 7,258 Ether and 4,821 Alchemix
Ether.
On top of that, a trading
bot has returned 90% of the tokens worth USD $11.5 million stolen from Jpegd.
Similarly, tokens worth USD $6 million and USD $13 million, which were stolen
from the synthetic protocol Metronome and Curve trading pool, respectively,
have been recovered.
Curve Finance’s Bug
Bounty
On August 3, the exploited protocols, Curve, Metronome,
and Alchemix, announced a bug bounty to incentivize hackers to return the
stolen funds. In the statement on Etherscan, the platforms said: “We are
offering a 10% bounty of any stolen funds, which are yours to keep if you
return the remaining 90%.”
Finance
Magnates reported that Curve
was exploited through a
type of attack known as Reentrancy. This vulnerability allows codes from
malicious third parties to be executed within a smart contract. Thus, hackers
are able to make repeated calls to a blockchain platform and siphon funds.
The hackers who exploited Curve Finance have returned 73%
of the tokens stolen from the decentralized finance (DeFi) platform. So far,
the amount of tokens returned is estimated at USD $53 million, according
to a report by a blockchain data analytics platform.
About a week ago, Curve
Finance, the DeFi platform for stablecoins, was exploited through a reentrancy bug on its smart contracts programming language, Vyper. The exploit led to price
volatility in CRV, the native token of the DeFi platform. Additionally, it
prompted the cryptocurrency exchange Upbit to suspend deposits and withdrawals of the
token.
“A number of
stablepools (alETH/msETH/pETH) which are using Vyper 0.2.15 have been exploited
as a result of a malfunctioning reentrancy lock,” Curve Finance said.
“We are assessing the situation and will update the community as things
develop.”
However, according to a post by PeckShield on X social
media platform, ethical hackers are beginning to return the spoils. All the
tokens, worth USD $22 million, stolen from the lending protocol AlchemixFi have
reportedly been returned. This amount comprises 7,258 Ether and 4,821 Alchemix
Ether.
On top of that, a trading
bot has returned 90% of the tokens worth USD $11.5 million stolen from Jpegd.
Similarly, tokens worth USD $6 million and USD $13 million, which were stolen
from the synthetic protocol Metronome and Curve trading pool, respectively,
have been recovered.
Curve Finance’s Bug
Bounty
On August 3, the exploited protocols, Curve, Metronome,
and Alchemix, announced a bug bounty to incentivize hackers to return the
stolen funds. In the statement on Etherscan, the platforms said: “We are
offering a 10% bounty of any stolen funds, which are yours to keep if you
return the remaining 90%.”
Finance
Magnates reported that Curve
was exploited through a
type of attack known as Reentrancy. This vulnerability allows codes from
malicious third parties to be executed within a smart contract. Thus, hackers
are able to make repeated calls to a blockchain platform and siphon funds.
