Ana Paula Pereira2 hours agoCurve, Metronome and Alchemix offering 10% bug bounty on Vyper hackThe exploit on July 30 resulted in the theft of roughly $70 million in cryptocurrencies, bringing the bounty close to $7 million.270 Total views40 Total sharesListen to article 0:00NewsJoin us on social networksDecentralized finance (DeFi) platforms Curve, Metronome and Alchemix have jointly announced an initiative to recover stolen funds from the recent exploits of Curve’s pools.

According to on-chain data, the protocols are offering a 10% bounty of the stolen funds as a reward, urging those responsible for the exploit to step forward and return the remaining 90%. The exploit on July 30 resulted in the theft of roughly $70 million in cryptocurrencies, which would bring the bounty close to $7 million.Dear hacker, you"ve got an incoming messagehttps://t.co/ZKJjrO65PX— Curve Finance (@CurveFinance) August 3, 2023

The offer comes with a guarantee of no further legal actions or involvement of law enforcement. “We want to resolve this in a civilized manner," says the message included in the transaction.

“You will have no risk of us pursuing this further, no risk of law enforcement issues," the protocols said in a joint statement, adding:“If you choose not to partake in the voluntary return and complete the process by 6 August at 0800 UTC, we will expand the bounty to the public, and offer the full 10% to the person who is able to identify you in a way that leads to your conviction in the courts. We will pursue you from all angles with the full extent of the law." 

The trio has provided a direct channel for communication via curvenegotiation@protonmail.com and urged the responsible parties to respond immediately. It also emphasized that any individuals reaching out for negotiations must verify their ownership of the email address on-chain.

The attack occurred due to a critical vulnerability in versions of the Vyper programming language. Several pools using Vyper 0.2.15, 0.2.16 and 0.3.0 were targeted by a malfunctioning reentrancy lock, affecting four liquidity pools on Curve Finance.

The security incident has delivered a fresh sense of uncertainty across the crypto community, raising concerns about a possible domino effect on the DeFi ecosystem. Curve Finance’s native stablecoin, crvUSD, briefly depegged on Aug. 3, reacting to the hazy circumstances surrounding the protocol after the exploit.

Magazine: Should crypto projects ever negotiate with hackers? Probably# Blockchain# Hackers# Hacks# Curve FinanceAdd reactionAdd reactionRelated NewsHow to send and receive payments on the Lightning NetworkWe need to fundamentally change how smart contracts operateHow will Bitcoin halving affect BTC price, and is DeFi dead?BNB Smart Chain hit with copycat Vyper attack, $73K exploitedCEX price feed prevents Curve price from collapsing amid $100M vulnerabilityBase’s largest DEX, LeetSwap, halts trading amid exploit concerns