Curve Finance, a popular decentralized finance (DeFi) protocol, recently experienced a significant hack that resulted in the loss of over $61 million from its Vyper-based liquidity pools. In response to the attack, Curve Finance initially offered a bounty to the hacker, but after the hacker failed to meet the requirements, Curve has extended a bounty to the public in an effort to encourage the recovery of the stolen funds.

On July 30, Curve Finance announced that it had fallen victim to an attack that impacted four liquidity pools for Ethereum pairs, as well as Curve Finance’s governance token, CRV, and several ERC-20 tokens issued on Metronome Synth, Alchemix, and JPEG’d. The attacker exploited a vulnerability in Curve’s Vyper 0.2.15 reentrancy lock, resulting in significant losses.

In response to the hack, Curve Finance initially offered a bounty to the hacker, which accounted for 10% ($6 million) of the stolen funds. However, the hacker only returned assets to Alchemix and JPEG’d, failing to fully refund the other affected pools. This prompted Curve Finance to extend the bounty to the public.

With the voluntary fund return deadline passing on August 6, Curve Finance has decided to offer a reward worth 10% of the remaining unrecovered stolen funds, approximately $1.85 million, to the public. This bounty is intended to incentivize individuals who possess information that could lead to the arrest and successful conviction of the hackers.

However, Curve Finance clarifies that it is willing to drop the case and the extended bounty if the exploiter has a change of heart and voluntarily returns the remaining funds in full.

The exploits targeting Curve Finance have highlighted vulnerabilities not only within the protocol itself but also across various DeFi projects. Following the attack on Curve Finance, BNB Smart Chain (BSC) became a target of a similar copycat attack due to a Vyper programming language vulnerability. BlockSec reported that hackers stole approximately $73,000 worth of crypto assets on the BSC chain.

In the aftermath of the exploits, white and black-hat hackers have clashed as they seek to recover or disrupt one another’s attempts to manipulate funds. One notable example is the white hat hacker known as “coffebabe.eth,” who successfully secured some funds for safekeeping and urged affected protocols to reach out for retrieval.

Curve Finance’s response to the hack demonstrates its commitment to recovering the stolen funds and holding the exploiters accountable. By extending a substantial bounty to the public, Curve Finance aims to encourage the community’s involvement in identifying and apprehending the hackers. As the DeFi ecosystem continues to evolve, addressing and remedying vulnerabilities becomes crucial for fostering trust and growth in the space.

Disclaimer: The information provided in this research report is for informational purposes only and should not be interpreted as financial or investment advice. The NFT and cryptocurrency market is highly volatile, and readers should conduct thorough research before making any investment decisions.