Just-In: Curve Finance Says it Will Refund Affected Users in Post-Hack Update

Based on a recent update, Decentralized Finance (DeFi) stablecoin lending platform Curve Finance has confirmed plans to refund affected users in the recent hack which led to the loss of $62 million from the protocol.
According to Curve Finance, investigations are still ongoing but so far about 79% of the funds have been recovered. Adding that in the meantime, it is focused on “working on measuring the respective shares of each affected user with the goal of proper distribution.”
Quick post-hack update.
While 70% of funds affected by the hack last week are recovered, active investigation with regards to the rest is underway.
In the meantime, we are also working on measuring the respective shares of each affected user with the goal of proper distribution
— Curve Finance (@CurveFinance) August 11, 2023
The Melodramatic Curve Finance Hack
The crypto lender was hacked on July 30 by bad actors who took advantage of certain vulnerabilities in the release history of its Vyper compiler.
Precisely, the perpetrator of the hack focused on versions 0.2.15 to 0.3.0 of the Vyper compiler. It seemed like the hacker knew exactly where the flaws were on Vyper’s past releases. Spotting such vulnerabilities could have only taken a high level of expertise and resources as experts pointed out.
Notably, there have been speculations that the operation was well thought-out before execution. One contributor to Vyper is confident that the plan took the hackers some weeks, if not months to come up with. Some of the impacted pools are CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH. It is also believed that the tri-crypto pool on Arbitrum might also be affected.
Sadly, the attack sent shockwaves through the entire DeFi ecosystem. A broad look at the exploit demonstrated the lack of incentivization for uncovering bugs in past software releases as a challenge for the nascent crypto industry.
Hacker Takes Bounty and Initiates Partial Refund
A 10% bounty reward was promised to the hacker who accepted the offer. A few days later, the hacker behind the attack initiated the process of returning the funds.
Etherscan data confirmed that the hacker had performed three separate transactions to the Alchemix Finance developer wallet, transferring a total of 4,821 Ethereum (ETH) worth $8,891,578 at the time. Till now, the hacker has not completed the refund.
The hacker’s choice to return the funds to Alchemix Finance instead of directly to Curve Finance is perceived as a level of discretion or a strategic decision to prevent him from being caught.
- ChangeNOW’s Quiet Power Play in Helping Crypto Businesses
- Standard Chartered Sees Bitcoin Soaring to $200,000 by Year-End on ETF Boom
- Walmart’s OnePay App to add Bitcoin and Ethereum trading
- Tech Giant Samsung Taps Coinbase To Provide Crypto Access, Driving Adoption
- Bitget Joins UNICEF Game Jam To Train 300,000 Youths In Blockchain
- Aster Price Eyes $3 After Channel Breakout as Open Interest Surges to $1.37B
- Will XRP Price Hit $5 if the SEC Approves ETFs This Month?
- Bitcoin Price Hits $120K Ahead of Q4 — Can Citigroup’s Forecast Hold Up?
- Pi Network Price at Risk of Another Crash as Mysterious Whale Stops Buying
- Solana Price Eyes $360 After Bullish Retest As VisionSys AI Deploys $2B Treasury Strategy
- Cardano Price Forecast As Hashdex Listing Fuels Optimism For $1.27 Breakout