Curve Finance has provided a post-hack update, stating that investigations are ongoing and intends to reimburse affected customers.
Curve Finance, a Decentralized Finance (DeFi) stablecoin lending platform, has affirmed in a recent update that it intends to reimburse users affected by the recent hack that resulted in the loss of $62 million from the protocol.
Curve Finance reports that investigations are ongoing, but approximately 79% of the funds have been recovered. In the interim, the company focuses on assessing each affected user’s respective shares to ensure equitable distribution.
Quick post-hack update.
While 70% of funds affected by the hack last week are recovered, active investigation with regards to the rest is underway.
In the meantime, we are also working on measuring the respective shares of each affected user with the goal of proper distribution
— Curve Finance (@CurveFinance) August 11, 2023The Dramatic Curve Financial Scam
The crypto lender was compromised on July 30 by malicious actors who exploited vulnerabilities in the compiler’s release history. Exact versions 0.2.15 to 0.3.0 of the Vyper compiler were targeted by the hacker.
The intruder appeared to know precisely where the vulnerabilities were in previous Vyper releases. According to specialists, identifying such vulnerabilities would have required high skill and resources.
There have been rumors that the operation was meticulously planned before its execution. A Vyper contributor is confident it took the hackers weeks, if not months, to devise the plan. Several pools are affected, including CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH.
Also, it is believed that the tri-crypto pool on Arbitrum may have been affected. Unfortunately, the assault reverberated throughout the entire DeFi ecosystem. A comprehensive examination of the exploit revealed the absence of incentive for discovering bugs in previous software releases as a challenge for the nascent cryptocurrency industry.
Hacker Accepts Reward, Starts Partial Refund
A 10% bounty was offered to any hacker who accepted the offer. A few days later, the perpetrator of the attack initiated the return of the stolen funds.
Etherscan data confirmed that the hacker had transferred 4,821 Ethereum (ETH) worth $8,891,578 in three distinct transactions to the developer wallet of Alchemix Finance. The hacker still needs to process the refund.
The hacker’s decision to return the stolen funds to Alchemix Finance rather than Curve Finance is interpreted as a level of discretion or a strategic move to avoid being discovered.
