Curve Finance offers 1.85 mln bounty to recover stolen crypto funds

  • The DeFi hack worth $73 million occurred across different Curve Finance pools on 30 July.
  • The hacker has returned stolen funds only to a few pools. $19 million in assets still remain unrecovered.

DeFi protocol Curve Finance has offered a bounty of $1.85 million to anyone who can identify the exploiter responsible for the recent reentrancy attack.

The crypto hack occurred on 30 July, resulting in the theft of more than $73 million in crypto assets from Curve’s different pools. The affected pools included Alchemix, JPEGd and Metronome.

Reentrancy is a common bug that provides hackers opportunities to trick a smart contract into stealing assets by making repeated calls, or software commands, by making repeated calls to a protocol. The attack was found to be caused due to a faulty Vyper code. The code forms the foundation of several parts of the Curve Finance system.

The affected protocols, including Curve Finance, first offered a bug bounty of 10% to the hacker on 3 August. Though the hacker accepted the offer, they only returned the stolen funds to Alchemix and JPEGd.


Over $19 million in stolen funds are still remaining.

Curve Finance announced on 6 August that the deadline for the hacker to return all the funds has passed. It then announced a bounty worth 10% of the unrecovered funds, $1.85 million. The protocol also said that it will take the matter to court for conviction.

How the DeFi space is coping with the attack

In the aftermath of Curve Finance’s exploit, the DeFi vertical of the crypto ecosystem has experienced a 7% downturn in total value locked (TVL). DeFi TVL held across multiple chains stood at around $41 billion, as per DefiLlama.

Source: DefiLlama

The lending DeFi protocol, AAVE, suffered a decline of nearly 7% within a week. This was due to the protocol’s significant exposure caused by Curve Finance founder Michael Egorov’s loans on its platform.

Source: DefiLlama

Egorov had loans against the project’s native CRV tokens across several DeFi lenders. Later, it emerged that Ergorov had executed several over-the-counter deals worth $42.4 million with several notable crypto influencers.

Leave a Reply

Scroll to Top