Decentralized exchange Curve Finance has collaborated with Metronome and Alchemix to establish a 10% bug bounty reward for the individuals responsible for the recent exploit, which resulted in over $50 million being taken from the pools of these platforms.
In an on-chain message found on one of the hackers’ Ethereum addresses, the protocols have expressed their willingness to halt any further pursuit of the case if the attackers decide to return 90% of the stolen funds, allowing them to retain 10% as a reward.
On July 30, a significant exploit targeted four Curve Finance pools, impacting various decentralized finance protocols such as Metronome, Alchemix, and Ellipsis. The attackers leveraged the Vyper programming language on the Ethereum Virtual Machine to exploit a malfunctioning re-entrancy lock.
Though the exact amount lost in the hack remains uncertain, it is estimated to be more than $50 million. In response, Curve Finance, Metronome, and Alchemix have taken proactive measures to recover the funds. They have directly engaged with the attackers on-chain, offering an arrangement where the hackers can return 90% of the stolen funds, and in exchange, they will face no legal repercussions. The deadline given to the attackers to comply with this offer is until August 6.
If the hackers fail to return the funds by that date, the trio has planned to make the 10% bug bounty reward public, encouraging anyone with information to identify the attackers and potentially claim the reward. This move aims to incentivize the return of the stolen funds and bring the perpetrators to justice.