White Hat Hacker Recovers $5.4 Million For DeFi Platform Curve Finance Amid Recent Exploit

An ethical hacker has recovered 2,879 ETH worth around $5.4 million for the decentralized finance (DeFi) protocol Curve Finance amid its recent hack losing over $47 million. 

On July 30, the same day of the hack, it was reported that an ethical hacker seized some assets by front-running the original hackers’ malicious transactions.

A maximal value bot “c0ffeebabe.eth” sent the recovered assets to Curve’s deployers address with users hailing the move. However, most crypto enthusiasts suggest that it will take a long time to recover from the damage. 

#PeckShieldAlert c0ffeebabe.eth has returned 2,879 $ETH (~$5.4m) to #Curve deployer https://t.co/33BJLaq12A pic.twitter.com/2Jq0JOsrhV

— PeckShieldAlert (@PeckShieldAlert) July 31, 2023

While good news comes from one end, bad news still trickles in as bad actors target victims of the hack with a new fraudulent scheme.  

Several accounts have been recorded both impersonating Curve Finance and victims of the hack putting together fake refunds targeted at users who lost their assets. 

Since the incident occurred, Curve Finance has not made an official release concerning a potential fund rendering all associated postings so far, false. 

Despite the return of $5.4 million worth of tokens, the attack destabilized markets with Curve’s CRV token taking the biggest hit. CRV has plunged over 17% in the past 24 hours to trade at $0.61.

A larger disaster looms as the total asset locked on the protocol took a nosedive from over $3 billion on Sunday to $1.7 billion at press time as multiple investors withdrew their assets in fear. 

Most DeFi tokens remain down following the last bear market with observers predicting a high impact following related hacks in previous months.

A $47 Million Hack: What’s Next? 

Curve, a stablecoin exchange based on Ethereum, announced that it has been the victim of a hack leading to initial losses of $47 million. 

The main reason for the exploit has been attributed to a retrancy bug in the Vyper programming language leading to the drain in multiple pools on the platform by the hacker. 

“As a result of an issue in Vyper compiler in versions 0.2.15-0.3.0, the following pools were hacked: crv/eth, aleth/eth, mseth/eth, peth/eth.”

While Curve operates several pools, only pools powered by the Vyper versions 0.2.15, 0.2.16, and 0.3.0 were affected by the incident, per a team member, Mimaklas on Discord. 

A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.

Other pools are safe. https://t.co/eWy2d3cDDj

— Curve Finance (@CurveFinance) July 30, 2023

“all affected pools have been drained or white hacked, and the team is assessing the situation with affected teams,” he added. 

Retrancy is a bug deployed by bad actors to make repeated calls to a network to steal assets by accessing user wallets.