cryptoslate.com
Decentralized finance (DeFi) protocol Curve Finance ($CRV) has offered a $1.85 million public bounty to recover the remaining funds stolen on its platform through a reentrancy bug on July 30.
In an on-chain message dated Aug. 6, Curve conveyed that the deadline for the hacker to voluntarily return the stolen funds had passed at 08:00 UTC on that day, with no funds returned.
Consequently, the protocol revealed it was giving the public a chance to identify the exploiter in a way that could lead to a conviction in the courts. However, the protocol offered not to pursue this path if the hacker chooses to return the funds.
On July 30, several DeFi platforms were exploited via a reentrancy attack after multiple versions of Vyper, a smart contract language for the Ethereum virtual machine (EVM), were hacked. The incident had broader implications as investors and liquidity providers withdrew over $3 billion from DeFi projects, presenting a contagion risk for the sector.
Due to this, Curve Finance offered the attacker a 10% bounty in exchange for the return of funds stolen before Aug. 6. The attacker returned some of the stolen funds to some of its victims, including Alchemix, on Aug. 5 prompting speculations that the attacker would return more of the stolen funds to the protocol.
Curve has reclaimed 73% of stolen funds.
Meanwhile, blockchain analytical firm Peckshield reported that roughly 73% of the total amount stolen in the Curve exploit had been returned as of Aug. 7.
Peckshield said $22 million in Ethereum and its derivatives, previously stolen from AlchemixFi, were successfully recovered. An ethical hacker further contributed to the project’s recovery by returning $13 million.
The firm further noted that a trading bot that front-ran the exploit of JPEGd returned 90% of the stolen ETH to the project. Additionally, another ethical hacker, c0ffeebabe.eth returned nearly $7 million to Metronome and a Curve trading pool.
Community scampers to prevent contagion
DeFi protocols are rapidly reducing their exposure to Curve’s embattled $CRV token amid these developments.
On Aug. 6, the Aave community overwhelmingly approved a proposal prohibiting additional $CRV borrowing on its platform. The proposal was designed to prevent the liquidation risk presented by Curve’s founder Michael Egorov’s significant debt position backed by the $CRV token.
Blockchain analyst Lookonchain reported that Egorov had sold 142.6 million $CRV tokens for $57 million to at least 30 different entities, including market maker Wintermute, Tron founder Justin Sun and others, via over-the-counter deals.
However, Egorov still has around $49 million in debt across different DeFi protocols.