Ethical hacker retrieves $5.4M for Curve Finance amid exploit

by Jeremy

A white hat hacker has managed to take around 2,879 Ether (ETH), worth around $5.4 million, from an exploiter and return it to the decentralized finance (DeFi) protocol Curve Finance amid the recent hack.

On July 30, a number of stablepools on Curve Finance were exploited due to malfunctioning reentrancy locks in a number of versions of the Vyper programming language. The losses from Curve Finance are estimated to be around $47 million. However, DeFi protocols that were using the vulnerable versions of Vyper were also exploited, exposing the DeFi ecosystem to a stress test.

On the same day, an ethical hacker seized some of the stolen assets and returned them to Curve Finance. A maximal extractable value bot operator with the username “c0ffeebabe.eth” used a front-running bot against a malicious hacker to secure almost 3,000 ETH. The funds were then returned to the Curve deployer address, which looks to be its rightful custodian.

Amid the chaos, Twitter accounts impersonating Curve Finance and hack victims are promoting a fake refund scheme targeting those who already lost their funds in the recent hack. The official Curve Finance account has not published any plans for a refund at the time of writing.

Copycat Curve Finance account promoting a fake refund scheme. Source: Twitter

Meanwhile, BNB Smart Chain has suffered copycat attacks due to the Vyper vulnerability. According to data shared by blockchain security firm BlockSec, around $73,000 was stolen across three exploits.


Meanwhile, the U.S. Securities and Exchange Commission has adopted new rules for cybersecurity incidents involving public companies in the United States. The rule requires these companies to disclose a cyberattack four days after being considered “material.” According to the SEC, the rule will also require periodic reporting on policies to identify and manage cybersecurity risks.
