Ezra Reguerra13 hours agoEthical hacker retrieves $5.4M for Curve Finance amid exploitTwitter accounts impersonating Curve Finance have also started to promote a fake refund scheme, further targeting victims of the hack.6887 Total views9 Total sharesListen to article 0:00NewsJoin us on social networksA white hat hacker has managed to take around 2,879 Ether (ETH), worth around $5.4 million, from an exploiter and returned it to the decentralized finance (DeFi) protocol Curve Finance amid the recent hack. 

On July 30, several stablepools on Curve Finance were exploited due to malfunctioning reentrancy locks on several versions of the Vyper programming language. The losses from Curve Finance are estimated to be around $47 million. However, DeFi protocols that were using the vulnerable versions of Vyper were also exploited, exposing the DeFi ecosystem to a stress test.#PeckShieldAlert c0ffeebabe.eth has returned 2,879 $ETH (~$5.4m) to #Curve deployer https://t.co/33BJLaq12A pic.twitter.com/2Jq0JOsrhV— PeckShieldAlert (@PeckShieldAlert) July 31, 2023

On the same day, an ethical hacker seized some of the stolen assets and returned them to Curve Finance. A maximal extractable value bot operator with the username “c0ffeebabe.eth” used a front-running bot against a malicious hacker to secure almost 3,000 ETH. The funds were then returned to the Curve deployer address, which looks to be its rightful custodian. 

Amid the chaos, Twitter accounts impersonating Curve Finance and hack victims are promoting a fake refund scheme targeting those who already lost their funds in the recent hack. The official Curve Finance account has not published any plans for a refund at the time of writing.Copycat Curve Finance account promoting a fake refund scheme. Source: Twitter

Meanwhile, BNB Smart Chain has suffered copycat attacks due to the Vyper vulnerability. According to data shared by blockchain security firm BlockSec, around $73,000 was stolen across three exploits. 

Related:Ethereum logs $1M MEV block reward amid Curve Finance exploit

Meanwhile, the U.S. Securities and Exchange Commission has adopted new rules for cybersecurity incidents involving public companies in the United States. The rule requires these companies to disclose a cyberattack four days after being considered “material.” According to the SEC, the rule will also require periodic reporting on policies to identify and manage cybersecurity risks.

Magazine:Should crypto projects ever negotiate with hackers? Probably# Security# Hackers# Cybersecurity# Hacks# DeFiAdd reactionAdd reactionRelated NewsWhat is an atomic swap, and how does it work?Worldcoin is making reality look like a lot like Black MirrorCrypto hacks and exploits snatch over $300M in Q2 2023: ReportBug bounties can help secure blockchain networks, but have mixed resultsUSB keystroke injectors still a threat to crypto usersLost keys have already cost billions of dollars, many more at risk — Polygon exec