Alchemix, a lending platform, recently announced that the hacker responsible for the Curve Finance hack has returned all the stolen funds. The hack occurred on July 30 and resulted in over $61 million worth of cryptocurrencies being drained from various pools, including 13.6 million USDC from Alchemix’s alETH-ETH pool.
Along with Alchemix, JPEGd’s pETH-ETH pool lost $11.4 million, and Metronome’s sETH-ETH pool lost over $1.6 million. The hacker targeted stablecoin pools on Curve Finance using vulnerable versions of the Vyper programming language through reentrancy attacks.
The process of returning the stolen funds began after the hacker accepted a bug bounty offer. Curve, Metronome, and Alchemix jointly initiated a plan to recover the stolen funds on August 3, offering a 10% reward for the returned funds and urging the responsible party to return the remaining 90%, which would result in a reward of nearly $7 million.
In less than 24 hours after the proposal, the initial attacker started returning the stolen funds, sending back 4,820.55 Alchemix ETH (alETH) to the Alchemix Finance team, with the transaction completed on August 5.
The hacker posted a message seemingly directed at Alchemix and Curve, stating their willingness to return the money but only because they didn’t want to “ruin” the related projects.
“I return the money not because you can find me, but because I don’t want to ruin your project,” read the message on the blockchain.
This incident showcases the importance of transparency and cooperation within the cryptocurrency community to address security breaches and recover stolen assets. It also highlights the need for continuous efforts to enhance the security and robustness of DeFi platforms to protect users’ funds and maintain trust in the ecosystem.