TL;DR
-
Last weekend, hackers found an exploit in Curve, a decentralized crypto lending platform.
-
The good-ish news is: almost $10M was returned after the hacker(s) engaged in talks with one of the victims on Friday, blockchain data shows.
-
In a message linked to this transaction, the hacker asked Alchemix (one of the victims) to confirm the wallet address where he could return the funds.
-
The most likely reason for returning the funds – at least in our minds – is that they made a deal with the team in charge of the governance of Curve, and that deal involved returning a portion of the funds.
Full Story
Last weekend, hackers found an exploit in Curve, a decentralized crypto lending platform.
We wrote about it here – and to quote ourselves…
Hackers have found a bug that’s giving them direct access to massive lending pools, and a total of $100M worth of crypto is at risk, with an estimated $50M having been stolen as of this writing (31 July).
As things played out, roughly $61M ended up getting stolen through the Curve exploit.
The good-ish news is: almost $10M was returned after the hacker(s) engaged in talks with one of the victims on Friday, blockchain data shows.
How do you communicate anonymously?
Through blockchain transactions of course!
In a message linked to this transaction, the hacker asked Alchemix (one of the victims) to confirm the wallet address where he could return the funds.
Following that, almost $10M was transferred to Alchemix’s wallet in multiple transactions.
Which begs the question: why the sudden change of heart to return the funds?
We have a few theories which go a little something like this:
-
The least likely, but most wholesome, theory is that the hackers were ‘white hat’ hackers. They did the hack to improve the protocol overall. A ‘white hat’ hacker is kind of like Superman, to a ‘black hat’ hacker’s Lex Luthor – they use their (hacking) powers for good.
-
They may have gotten spooked, and returned the funds in good conscience; or changed their minds after speaking with at least one of the victims and hearing their story. (Also pretty unlikely).
-
The most likely option – at least in our minds – is that they made a deal with the team in charge of the governance of Curve, and that deal involved returning a portion of the funds.
The real reason may come out later this week.
Let’s hope the exploit is fully resolved now, and that this doesn’t happen again!