Curve Finance offers hacker 10% bounty, agrees not to seek legal assistance if offer is taken up
Two other DeFi platforms, Metronome and Alchemix, also signed the bounty offer.
Curve Finance and two other DeFi platforms offered a bounty on Aug. 3 in exchange for the return of funds stolen in various recent attacks.
Curve, Metronome, and Alchemix wrote:
“We as a group … would like to discuss a bounty with any parties who were involved in the recent Curve exploits. We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%.”
The three projects said that if the attacker or attackers return the stolen funds, they will not pursue the issue further or turn to law enforcement.
However, they said that if the attackers do not come forward voluntarily by Aug. 6, the 10% bounty will be offered to anyone who can identify the responsible parties in a way that leads to their conviction in court. The three DeFi platforms said that they will “pursue [the attacker] from all angles [within] the full extent of the law.”
The message was signed by the decentralized exchange Curve, the synthetic asset protocol Metronome, and the same-asset loan platform Alchemix.
Curve Finance broadcast the message on Twitter/X on Aug. 3, writing: “Dear hacker, you’ve got an incoming message.” The full text of the message is embedded on-chain in a linked Ethereum (ETH) transaction.
Attacks extend beyond Curve
Curve Finance was originally hacked on July 30, during which an attacker stole $60 to $70 million from the platform. The attack was made possible by a vulnerability in Vyper smart contracts, which also allowed for other attacks elsewhere.
According to Llamarisk via TechCrunch, Alchemix’s alETH pools were hacked for $22.6 million, while Metronome’s msETH pools were hacked for $3.4 million.
As such, Curve’s latest announcement also linked to an identical bounty for the Alchemix hacker. It did not link to any bounty offered to the Metronome hacker, though such a bounty is implied by the fact that Metronome signed the message.
The widespread scope of these recent hacks has led to a decline in total locked value (TVL) in DeFi platforms. On Aug. 2, CryptoSlate found that investors and liquidity providers have pulled more than $3 billion from DeFi services.