Curve Finance has made significant progress in recovering funds stolen during a hack, which saw the platform lose over $73 million worth of various tokens. In the past week, $22 million in Ether (ETH) and Ether derivatives were returned, as well as 90% of Ether stolen from JPEGd, over $6 million from synthetic protocol Metronome, and $13 million from Alchemix.
The attack was traced to faulty code on Vyper, a programming language used to power parts of the Curve system. Curve offered a 10% bounty to attackers for the return of the funds, and the attacker started to return funds to Alchemix after confirming the deposit address in a blockchain message.
The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC, Curve Finance said in a blockchain transaction. We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M) to the person who is able to identify the exploiter in a way that leads to a conviction in the courts.
Over $18 million in stolen funds are still remaining, with Curve opening up the bounty to the public. The return of funds has buoyed sentiment for Curve and its governance tokens CRV, which lost almost 30% of value in the days following the exploit and has since pared losses.