• DeFi protocol Curve Finance has suffered a $73 million attack on 30 July.
• The hacker returned funds to only some pools, leaving $19 million unrecovered.
• Curve Finance has opened a bounty of $1.85 million to identify the exploiter behind the attack.
DeFi Protocol Curve Finance Suffers Attack
DeFi protocol Curve Finance has suffered an attack on 30 July, resulting in the theft of more than $73 million in crypto assets from its different pools. This included Alchemix, JPEGd and Metronome pools.
Hacker Returns Funds to Some Pools
The hacker accepted Curve’s bug bounty offer of 10% but only returned stolen funds to Alchemix and JPEGd, leaving over $19 million in stolen funds still remaining.
Bounty Offered by Curve Finance
In response, Curve Finance has offered a bounty of $1.85 million to anyone who can identify the exploiter responsible for the recent reentrancy attack. The code that caused this vulnerability was found to be faulty Vyper code which forms the foundation of several parts of the Curve Finance system.
Deadline For Hacker To Return Funds Passes
The deadline for the hacker to return all the funds has passed as per 6 August announcement by Curve finance after which it announced a bounty worth 10% of unrecovered funds -$1.85 million- and said it will take matter to court for conviction if necessary.
With this development, it is expected that all remaining stolen funds will be recovered soon and justice will be served against whoever is responsible for this security breach on Curve finance protocol