The cryptocurrency sector experienced a swift turnaround when over $61 million taken in a major cyber heist was returned. On July 30, a hacker orchestrated a large-scale breach on Curve Finance, targeting pools with vulnerabilities in the Vyper programming language. Alchemix, a major lending platform, saw a loss of $13.5 million, while JPEGd and Metronome were also severely affected with losses of $11.3 million and $1.6 million, respectively.
Just days after the digital crime, Curve, Metronome, and Alchemix united to hatch a recovery plan. The joint effort involved enticing the hacker with a 10% bounty from the stolen funds, approximating a whopping $7 million, if they returned the remaining stash. The strategy worked faster than expected. The very next day, the perpetrator began sending the funds back, starting with a deposit of 4,820.55 Alchemix ETH (alETH) to Alchemix's vault.
Accompanying the restitution was a notable on-chain message by the attacker to both Alchemix and Curve. It read that they refunded the project not because they want to get caught but rather not "ruin" the developers' project. This statement suggests the hacker's actions weren't rooted in malevolence but rather, they were perhaps driven by the thrill of the act.
JPEGd, a nonfungible token protocol, was among the beneficiaries of the hacker's change of heart, with the full 5,495 Ether being returned. Grateful and aiming to close the chapter, the JPEGd team announced they would drop any legal pursuits. "Any further investigations or legal matters against the entity will end. We view this occurrence as a white-hat rescue,” they remarked.
The incident, while highlighting the vulnerabilities of digital assets, also underscores the complex motivations behind such hacks and the potential of innovative solutions in addressing cybercrimes.
Comment 0