Based on a recent update, Decentralized Finance (DeFi) stablecoin lending platform Curve Finance has confirmed plans to refund affected users in the recent hack which led to the loss of $62 million from the protocol.
According to Curve Finance, investigations are still ongoing but so far about 79% of the funds have been recovered. Adding that in the meantime, it is focused on “working on measuring the respective shares of each affected user with the goal of proper distribution.”
Quick post-hack update.
While 70% of funds affected by the hack last week are recovered, active investigation with regards to the rest is underway.
In the meantime, we are also working on measuring the respective shares of each affected user with the goal of proper distribution
— Curve Finance (@CurveFinance) August 11, 2023
The Melodramatic Curve Finance Hack
The crypto lender was hacked on July 30 by bad actors who took advantage of certain vulnerabilities in the release history of its Vyper compiler.
Precisely, the perpetrator of the hack focused on versions 0.2.15 to 0.3.0 of the Vyper compiler. It seemed like the hacker knew exactly where the flaws were on Vyper’s past releases. Spotting such vulnerabilities could have only taken a high level of expertise and resources as experts pointed out.
Notably, there have been speculations that the operation was well thought-out before execution. One contributor to Vyper is confident that the plan took the hackers some weeks, if not months to come up with. Some of the impacted pools are CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH. It is also believed that the tri-crypto pool on Arbitrum might also be affected.
Sadly, the attack sent shockwaves through the entire DeFi ecosystem. A broad look at the exploit demonstrated the lack of incentivization for uncovering bugs in past software releases as a challenge for the nascent crypto industry.
Hacker Takes Bounty and Initiates Partial Refund
Etherscan data confirmed that the hacker had performed three separate transactions to the Alchemix Finance developer wallet, transferring a total of 4,821 Ethereum (ETH) worth $8,891,578 at the time. Till now, the hacker has not completed the refund.
The hacker’s choice to return the funds to Alchemix Finance instead of directly to Curve Finance is perceived as a level of discretion or a strategic decision to prevent him from being caught.
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.