Last updated on March 25th, 2026 at 07:50 pm
Curve Finance has announced a bounty of $1.85 million for anyone who can aid in identifying the mastermind behind the protocol’s recent exploit, which resulted in the loss of digital assets worth over $70 million from the protocol’s coffers.
The deadline for the CRV/ETH exploiter passeshttps://t.co/VphQ0bfYr2 pic.twitter.com/x8LP9Tx4rs
— Curve Finance (@CurveFinance) August 6, 2023
On August 3, 2023, Curve Finance and other protocols affected by the hack sent an on-chain message urging the hacker to return the stolen funds. They offered a deal: if the hacker returned the funds by August 6, 2023, they would get 10% as a reward. If they didn’t, they would face severe consequences, including legal action.
At the expiration of this deadline and the failure of the attacker to respond, the Curve team sent another on-chain message, stating:
“The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC. We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploiter in a way that leads to a conviction in the courts.”
The team also added that they wouldn’t pursue further actions should the exploiter choose to return the funds in full.
According to PeckShield, about 73% of the stolen funds, equivalent to $52.3 million, have been recovered.
#PeckShieldAlert A total of ~$73.5M worth of cryptos on #Ethereum were stolen in the #Curve Reentrancy exploit. So far, ~73% of them (~$52.3M) have been returned.
The remaining ~$19.7M worth of cryptos on #Ethereum have not yet been returned by the 1st Curve CRV-ETH exploiter… pic.twitter.com/hU4v1UATeh
— PeckShieldAlert (@PeckShieldAlert) August 7, 2023
Following the August 3 on-chain message, Alchemix Finance, JPEGd, and Metronome recovered a combined $48.1 million through asset returns from exploiters and white hat efforts. A white hat hacker, “c0ffeebabe.eth,” helped recover 2,879 ETH, valued at around $5.4 million.
The attackers returned $35 million worth of crypto to Alchemix Finance, and another $13 million was recovered through white hat hacker’s efforts.
We would like to thank the @CurveFinance exploiter for returning a total of 4,819 $alETH and 2259 $ETH so far.
We are looking forward to continued collaboration, resulting in the return of remaining funds.
— Alchemix (@AlchemixFi) August 4, 2023
JPEGd also received $11.5 million from the hacker while the hacker took the 10% of the funds as a reward. The Metronome Curve pool exploiter also returned $1.6 million worth of ETH.
We, the JPEG’d team, based on confidential discussions, formally assert that upon successful return of the funds to the JPEG’d DAO multisig:
1. Legal action will not be taken against the operator of the address 0x6Ec21d1868743a44318c3C259a6d4953F9978538 and…
— JPEG’d (@JPEGd_69) August 4, 2023
However, despite this headway, the attacker behind the Curve’s alETH pool remains elusive, with no progress in recovering the stolen funds.
The repercussions of the attack have reverberated through the Curve Finance ecosystem. The protocol’s native governance token, CRV, has experienced a 6% decrease in value over the past week. It is currently at trading at $0.61.
Furthermore, the attack had a profound impact on Curve Finance’s Total Value Locked (TVL). Within 24 hours after the hack, the total amount of money locked in Curve Finance went from $3.26 billion to $1.74 billion. This staggering 46% reduction, as reported by DeFi analytics platform DefiLlama, underscores the far-reaching implications of the breach on the protocol’s overall financial stability.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
