Web3 Daily


Almost $10M From the Curve Exploit was Returned (Here's Why)

TL;DR

  • Last weekend, hackers found an exploit in Curve, a decentralized crypto lending platform.

  • The good-ish news is: almost $10M was returned after the hacker(s) engaged in talks with one of the victims on Friday, blockchain data shows.

  • In a message linked to this transaction, the hacker asked Alchemix (one of the victims) to confirm the wallet address where he could return the funds.

  • The most likely reason for returning the funds - at least in our minds - is that they made a deal with the team in charge of the governance of Curve, and that deal involved returning a portion of the funds.

Full Story

Last weekend, hackers found an exploit in Curve, a decentralized crypto lending platform.

We wrote about it here - and to quote ourselves...

Hackers have found a bug that’s giving them direct access to massive lending pools, and a total of $100M worth of crypto is at risk, with an estimated $50M having been stolen as of this writing (31 July).

As things played out, roughly $61M ended up getting stolen through the Curve exploit.

The good-ish news is: almost $10M was returned after the hacker(s) engaged in talks with one of the victims on Friday, blockchain data shows.

How do you communicate anonymously?

Through blockchain transactions, of course!

In a message linked to this transaction, the hacker asked Alchemix (one of the victims) to confirm the wallet address where he could return the funds.

Following that, almost $10M was transferred to Alchemix's wallet in multiple transactions.

Which raises the question: why the sudden change of heart to return the funds?

We have a few theories which go a little something like this:

  1. The least likely, but most wholesome, theory is that the hackers were 'white hat' hackers. They did the hack to improve the protocol overall. A 'white hat' hacker is kind of like Superman to a 'black hat' hacker's Lex Luthor - they use their (hacking) powers for good.

  2. They may have gotten spooked and returned the funds in good conscience, or changed their minds after speaking with at least one of the victims and hearing their story. (Also pretty unlikely.)

  3. The most likely option - at least in our minds - is that they made a deal with the team in charge of the governance of Curve, and that deal involved returning a portion of the funds.

The real reason may come out later this week.

Let's hope the exploit is fully resolved now, and that this doesn't happen again!