Almost $10M From the Curve Exploit was Returned (Here's Why)

Written By Web3 Daily

TL;DR

  • Last weekend, hackers found an exploit in Curve, a ​decentralized​ crypto lending platform.

  • The good-ish news is: almost $10M was returned after the hacker(s) engaged in talks with one of the victims on Friday, blockchain ​data shows​.

  • In a message linked to ​this transaction​, the hacker asked Alchemix (one of the victims) to confirm the ​wallet​ address where he could return the funds.

  • The most likely reason for returning the funds - at least in our minds - is that they made a deal with the team in charge of the governance of Curve, and that deal involved returning a portion of the funds.

Full Story

Last weekend, hackers found an exploit in Curve, a ​decentralized​ crypto lending platform.

We wrote about it ​here​ - and to quote ourselves...

Hackers have found a bug that’s giving them direct access to massive lending pools, and a total of $100M worth of crypto is at risk, with an estimated $50M having been stolen as of this writing (31 July).

As things played out, roughly $61M ended up getting stolen through the Curve exploit.

The good-ish news is: almost $10M was returned after the hacker(s) engaged in talks with one of the victims on Friday, blockchain ​data shows​.

How do you communicate anonymously?

Through ​blockchain​ transactions of course!

In a message linked to ​this transaction​, the hacker asked Alchemix (one of the victims) to confirm the ​wallet​ address where he could return the funds.

Following that, almost $10M was transferred to Alchemix's wallet in ​multiple transactions​.

Which begs the question: why the sudden change of heart to return the funds?

We have a few theories which go a little something like this:

  1. The least likely, but most wholesome, theory is that the hackers were 'white hat' hackers. They did the hack to improve the ​protocol​ overall. A 'white hat' hacker is kind of like Superman, to a 'black hat' hacker's Lex Luthor - they use their (hacking) powers for good.

  2. They may have gotten spooked, and returned the funds in good conscience; or changed their minds after speaking with at least one of the victims and hearing their story. (Also pretty unlikely).

  3. The most likely option - at least in our minds - is that they made a deal with the team in charge of the governance of Curve, and that deal involved returning a portion of the funds.

The real reason may come out later this week.

Let's hope the exploit is fully resolved now, and that this doesn't happen again!

Web3 Daily

Web3 and crypto news, translated into plain English.

https://web3daily.co/
Previous

Proof That Your Digital Identity Ain’t Yours
Next

Amazon Is Getting Into Web3 Gaming