Hackers Begin Returning Funds to Curve Finance

After Curve Finance sent on-chain messages to the hackers, the first batches of funds have started being returned to the affected projects.

Background on the Curve Finance Exploit

On July 30, vulnerabilities in the liquidity pools of Curve Finance, which use the Vyper language, were exploited by hackers. The projects impacted include:

• JPEG'd: approximately $11 million
• Metronome: approximately $1.6 million
• Alchemix: $11 million (already returned by a white-hat hacker) + $20.6 million
• CRV-ETH Pool: $19 million still held by the hacker + $5.3 million returned by white-hat hacker coffeebabe.eth

Funds Being Returned

As of the evening of August 04, front-running accounts and hackers have started returning the stolen funds. The first return was from the front-running hacker of the pETH-ETH pool of JPEG'd, who refunded a total of 6,107 ETH, valued at approximately $11 million.

"Seems like @JPEGd_69 exploiter refunded 6,106.75 $ETH." — MistTrack (@MistTrack_io) August 4, 2023

By the morning of August 05, the JPEG'd team confirmed they had received 5,495.4 WETH from the hacker, and they committed not to pursue legal action, allowing the hacker to keep 10% of the stolen funds as a bug bounty.

Similarly, the hacker of the Alchemix pool sent 1 alETH to the Curve Finance Deployer wallet as a test transaction.

In response, Curve Finance representatives sent a message asking the hacker to return the funds to the Alchemix multisig address.

Alchemix later confirmed that their multisig address had started receiving returned funds from the hacker.

Remaining Pools and Future Actions

As of now, the CRV-ETH and Metronome pools have not been contacted by the hackers for fund returns. On the morning of August 04, Curve Finance also sent an on-chain message offering a 10% reward if these hackers return the stolen funds by August 06.