ETH

Curve, Metronome, and Alchemix Unite to Offer 10% Bounty on Vyper Hack

by BSCN

August 4, 2023

chain

The bounty amounts to around $7 million, considering approximately $70 million worth of cryptocurrencies were stolen during the attack.

Hacker Offered a Chance at Whitehat

Curve Finance, together with Metronome and Alchemix, have come forward with an initiative in the aftermath of the recent exploits that shook the DeFi world. The trio of decentralized finance platforms announced a joint 10% bug bounty on Vyper hack in an effort to retrieve stolen funds.

Based on on-chain data, the three protocols are pledging a 10% reward of the pilfered funds to anyone involved in the hack who voluntarily comes forward and returns the remaining 90%. With approximately $70 million worth of cryptocurrencies stolen during the attack, the bounty could reach a substantial $7 million.

"Curve, Metronome & Alchemix would like to discuss a bounty with any parties who were involved in the recent Curve exploits. We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%. There will be no risk of further pursuit or law enforcement issues if you choose to comply," the joint statement revealed. 

The hack exploited a critical vulnerability in certain versions of the Vyper programming language, affecting four liquidity pools on the Curve Finance platform. Pools utilizing Vyper 0.2.15, 0.2.16, and 0.3.0 were specifically targeted, with a malfunctioning reentrancy lock at the root of the attack.

Following the security incident, concerns have arisen within the crypto community regarding potential ripple effects on the wider DeFi ecosystem. The incident has left Curve Finance's native stablecoin, crvUSD, briefly depegged on Aug. 3, reflecting the uncertainty surrounding the protocol after the exploit.

The three platforms are urging those involved in the hack to step forward and engage in the voluntary return process before August 6 at 0800 UTC to claim the 10% bounty. Failure to comply will result in the bounty being extended to the public, with the full reward going to anyone who can help identify the perpetrators and lead to their conviction in court.

The platforms have established a secure communication channel via [email protected] for negotiations and are requesting interested parties to verify their ownership of the associated addresses on-chain before proceeding with discussions.

As the deadline approaches, the crypto community is closely watching the outcome of this whitehat bounty initiative's outcome, hoping for the stolen funds' recovery and a swift resolution to this unsettling incident.

;