- Curve Finance recovers 73% of hacked funds.
- Alchemix has recovered all the tokens lost during the hack.
Curve Finance has been able to recover 73% of hacked funds, just a week after the decentralized finance platform lost about $61 million to exploiters.
The DeFI platform and the crypto industry welcome the fund recovery made possible by white hackers and attackers.
Shortly after the attack, over $22 million in $ETH and other derivatives was returned to Alchemix, a lending protocol whose funds were stolen.
PeckShield, a blockchain and data security company, confirmed this in an X post on Aug 7.
In addition, a trading bot has returned 90% of the tokens worth $11.5 million to Jpegd.
Metronome and Curve trading pool, which was also attacked, have recovered tokens worth $6 million and $13 million, respectively.
“A total of $73.5M worth of cryptos on #Ethereum were stolen in the #Curve Reentrancy exploit. As of the time of writing, ~73% of the stolen funds (~$52.3M) have been returned by the hackers.
However, the 1st Curve CRV-ETH exploiter has not yet returned the remaining ~$19.7M worth of cryptos on #Ethereum…” Peckshield stated in a post shared on X.
The Hack
About a week ago, a reentrancy bug on Curve Finance’s smart programming language named Vyper led to a massive hack that accrued losses of $73.5 million.
The reentrancy attack resulted in the loss of funds by Curve Finance, Metronome, a lending platform, and Alchemix.
On Aug 3, the three attack victims sent an on-chain message to the attacker, offering a 10% bounty in exchange for the stolen tokens.
“You will have no risk of us pursuing this further, no risk of law enforcement issues…”
In response to the message sent by the three decentralized finance protocols, the attacker began to return the funds on Friday.
The attacker returned about $10 million worth of tokens to Alchemix.
After the deadline issued by Curve Finance and the other two protocols passed, the bounty was opened to the public, with the same 10% reward of the remaining exploited funds, valued at $1.85m, extended as well to whoever can successfully fish out the exploiter in a way that aids Curve Finance in convicting them in court for their actions.
However, Curve reiterated that if the exploiter chooses to return the stolen funds in full, they will not pursue the case further. The return of 73% of the stolen funds was a sign of renewed hope for the protocol with its reputation as one of the most influential platforms in the DeFi ecosystem.
The Reentrancy bug used in the theft of curved finance funds is a common bug used by attackers that allows them to trick a smart contract by using repeated calls or software commands issued to a protocol to steal assets.
The attack on Curve Finance’s funds was traced to a faulty code on Vyper, a programming language Curve uses to power parts of its system.
Conclusion
Following the exploit on Curve Finance, CRV lost almost 30% of its value, falling as low as 50 cents from its original price of 72 cents. It has, however, risen to 61 cents after the news of the recovery of 73% of the funds.
