What can be described as a semblance of good tidings has arisen among users of Curve Finance following the protocol’s announcement of its plan to refund its users.
As a consequence of the exploitation it suffered, last month, Curve Finance revealed its intention to refund users who were affected by the $62 million hack.
Providing further insight, a post by Curve Finance explained that significant progress has been made in their investigation recovering over 79% of the stolen funds. The post also foregrounds the stance of the protocol in prioritizing the assessment of the proportional portions of each affected user. This assessment is intended to guarantee an equitable distribution of resources to users.
More about the Hack
The hack which took place on the 30th of July 2023 was facilitated by vulnerabilities embedded in the release history of Curve Finance’s Vyper compiler.
The actor responsible for the exploit focused specifically on versions 0.2.15 to 0.3.0 of the Vyper compiler. This shows unequivocally the hacker’s vastness and adept knowledge of the loopholes within the historical iterations of Vyper. This is because the identification of this loophole requires a high-level understanding accompanied by sophisticated resources. This has been and proven by the hacker.
Still, on the nature of this hack, speculations have been made that the hack had been painstakingly planned before it was executed. One of Vyper’s contributors believes that the hack must have taken the hackers weeks or months to execute. This has also raised concerns about the tri-crypto pool on Arbitrum which might have also been subjected to this hack.
Attempts to recover the stolen funds
To facilitate a refund, the protocol offered a 10% bounty to the individual responsible for the hack. As soon as the hacker accepted the offer, the hacker began to repatriate the stolen funds. This was monitored on Etherscan data, which confirmed that the individual behind the attack made three different transactions to the Alchemix Finance developer wallet.
The total amount transferred amounted to 4,821 Ethereum (ETH)- $8,891,578. However, the restitution process has not yet been completed as of the time of this writing.