JPEG’d Retrieves $10M in Ether from Curve Finance Hacker
Inside the Cyber Heist
Earlier, a cyber attacker targeting Curve Finance made off with a colossal sum, approximating a loss of $70 million across various liquidity pools. But there's a twist - the perpetrator has initiated a surprising return of these ill-gotten gains to their rightful owners.
JPEG'd, the NFT-linked finance protocol, affirms that it has recovered 5,495 Ether, which equates to around $10 million at prevailing rates. This retrieval came at a cost - the hacker was compensated with a bounty of 610.6 ETH, or about $1.1 million, as part of the deal.
JPEG'd stands out as a decentralized platform allowing enthusiasts to leverage their NFTs as collateral for borrowing. This Curve Finance incursion had earlier lightened the protocol's coffers by an estimated $11.6 million in cryptocurrency.
Recovery and Reconciliation
On August 4th, via a Twitter thread, JPEG’d's squad clarified that the recouped funds have found their way back to the multisig wallet of the protocol's decentralized autonomous entity.
In a notable gesture, the JPEG’d team remarked, "Pending investigations and potential legal actions against the hacker will now cease. We're classifying this episode as a benevolent white-hat intervention."
Aftermath of the Security Breach
The digital finance realm, especially the DeFi sector, grappled with turmoil when Curve Finance's liquidity pools were systematically raided last month.
Using a vulnerability in the Vyper smart contract programming language that these pools employed, the hacker managed to pilfer crypto assets valued at approximately $70 million.
This lapse had repercussions for several platforms like the Ellipsis decentralized exchange, Alchemix lending, JPEG’d, and the synthetic protocol Metronome. Together, these platforms bore the brunt of millions lost, with Curve Finance also parting with $22 million in CRV tokens.
As a countermeasure, on August 3rd, a collaborative initiative was rolled out by Alchemix, Metronome, and Curve. They dangled a 10% bounty for the culprit, promising immunity from legal consequences if the lion's share (90%) of the stolen assets were returned.
Seemingly, within a day, the hacker relented and has since been methodically returning what was taken, with other projects also confirming similar restitutions.