Inside the Cyber Heist
Earlier, a cyber attacker targeting Curve Finance made off with a colossal sum, approximating a loss of $70 million across various liquidity pools. But there's a twist - the perpetrator has initiated a surprising return of these ill-gotten gains to their rightful owners.
JPEG'd, the NFT-linked finance protocol, affirms that it has recovered 5,495 Ether, which equates to around $10 million at prevailing rates. This retrieval came at a cost - the hacker was compensated with a bounty of 610.6 ETH, or about $1.1 million, as part of the deal.
JPEG'd stands out as a decentralized platform allowing enthusiasts to leverage their NFTs as collateral for borrowing. This Curve Finance incursion had earlier lightened the protocol's coffers by an estimated $11.6 million in cryptocurrency.
Recovery and Reconciliation
The JPEG'd DAO confirms receipt of 5,494.4 WETH back to the JPEG'd Multisig for a total of 5,495.4 WETH. A 10% white-hat bounty of 610.6 WETH was awarded to the owner of the address that recovered funds from the pETH exploit.https://t.co/nIBwHHxfQU
— JPEG'd (@JPEGd_69) August 4, 2023
On August 4th, via a Twitter thread, JPEG’d's squad clarified that the recouped funds have found their way back to the multisig wallet of the protocol's decentralized autonomous entity.
In a notable gesture, the JPEG’d team remarked, "Pending investigations and potential legal actions against the hacker will now cease. We're classifying this episode as a benevolent white-hat intervention."
JPEG’d exploit update:
— ZachXBT (@zachxbt) August 4, 2023
Seems 5495 ETH was returned just now for a 10% whitehat bounty.
0x003b00378ac52c10200d8fcac0e42138a34e46b9d7c3350ad3372ae0eb141df3
Michael Razum is not the exploiter but was linked on-chain bc a few of his contracts were drained by this person. pic.twitter.com/mc3GGx2gyd
Aftermath of the Security Breach
The digital finance realm, especially the DeFi sector, grappled with turmoil when Curve Finance's liquidity pools were systematically raided last month.
Using a vulnerability in the Vyper smart contract programming language that these pools employed, the hacker managed to pilfer crypto assets valued at approximately $70 million.
This lapse had repercussions for several platforms like the Ellipsis decentralized exchange, Alchemix lending, JPEG’d, and the synthetic protocol Metronome. Together, these platforms bore the brunt of millions lost, with Curve Finance also parting with $22 million in CRV tokens.
As a countermeasure, on August 3rd, a collaborative initiative was rolled out by Alchemix, Metronome, and Curve. They dangled a 10% bounty for the culprit, promising immunity from legal consequences if the lion's share (90%) of the stolen assets were returned.
Seemingly, within a day, the hacker relented and has since been methodically returning what was taken, with other projects also confirming similar restitutions.
