Curve Finance, the decentralized finance platform that lost more than $60 million in an exploit last week, offered the anonymous exploiter 10% of the stolen funds in exchange for a voluntary return of the rest.
Other protocols affected by the exploit joined Curve in its offer, including lending protocol Alchemix and NFT lending protocol JPEG’d. The hacker partly obliged and returned $13.6 million worth of stolen crypto to Alchemix and $11.4 million worth of stolen crypto to JPEG’d.
We are extremely happy to announce that all funds stolen by the hacker of the Alchemix @CurveFinance pool have now been returned.
Full post mortem coming.
— Alchemix (@AlchemixFi) August 5, 2023
The JPEG'd DAO confirms receipt of 5,494.4 WETH back to the JPEG'd Multisig for a total of 5,495.4 WETH. A 10% white-hat bounty of 610.6 WETH was awarded to the owner of the address that recovered funds from the pETH exploit.https://t.co/nIBwHHxfQU
— JPEG'd (@JPEGd_69) August 4, 2023
“I’m refunding not because you can find me, it’s because I don’t want to ruin your project,” wrote the hacker in an on-chain message.
However, the hacker made no such transfer back to Curve, prompting the protocol to open the bounty it offered to the hacker to the public, offering $1.85 million as a reward to anyone who can identify the exploiter in a way that would lead to his or her conviction in a court of law.
— Curve Finance (@CurveFinance) August 6, 2023
The deadline for the hacker to return funds passed at 8:00 UTC. Still, if the hacker were to return the funds in full, Curve said it would not pursue the matter further.
With no response from the hacker just yet, blockchain sleuths are on the charge to trace the exploiter’s wallet movements.