Curve Finance Recovers over 70% of Hacked Funds: Report

The hackers who exploited Curve Finance have returned 73% of the tokens stolen from the decentralized finance (DeFi) platform. So far, the amount of tokens returned is estimated at USD $53 million, according to a report by a blockchain data analytics platform.

About a week ago, Curve Finance, the DeFi platform for stablecoins, was exploited through a reentrancy bug on its smart contracts programming language, Vyper. This action led to price volatility in CRV, the native token of the DeFi platform. Additionally, it prompted the cryptocurrency exchange, Upbit to suspend deposits and withdrawals of the token.

"A number of stablepools (alETH/msETH/pETH) which are using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock," a representative from Curve Finance stated. "We are assessing the situation and will update the community as things develop."

White Hat Hackers?

However, according to a post by PeckShield on X social media platform, ethical hackers are beginning to return the spoils. All the tokens, worth USD $22 million, stolen from the lending protocol AlchemixFi have reportedly been returned. This amount comprises 7,258 Ether and 4,821 Alchemix Ether.

On top of that, a trading bot has returned 90% of the tokens worth USD $11.5 million stolen from Jpegd. Similarly, tokens worth USD $6 million and USD $13 million have been recovered, which were stolen from the synthetic protocol Metronome and Curve trading pool, respectively.

Curve Finance’s Bug Bounty

On August 3, the exploited protocols, Curve, Metronome, and Alchemix, announced a bug bounty to incentivize hackers to return the stolen funds. In the statement on Etherscan, the platforms said: "We are offering a 10% bounty of any stolen funds, which are yours to keep if you return the remaining 90%."

Finance Magnates reported that Curve was exploited through a type of attack known as Reentrancy. This vulnerability allows codes from malicious third parties to be executed within a smart contract. Thus, hackers are able to make repeated calls to a blockchain platform and siphon funds.