In a remarkable display of white hat hacking, an ethical hacker managed to recover approximately 2,879 Ether (worth $5.4 million) from an exploiter and promptly returned it to the Curve Finance decentralized finance (DeFi) protocol following a recent hack.
Ethical Hacker Recovers ETH for Curve Finance
The incident occurred on July 30, when several stable pools on Curve Finance fell victim to a vulnerability caused by malfunctioning reentrancy locks in various versions of the Vyper programming language. The losses incurred by Curve Finance were estimated at around $47 million. This also exposed other DeFi protocols using vulnerable Vyper versions to a stress test.
However, amidst the chaos, an ethical hacker stepped in to retrieve a portion of the stolen assets and returned them to Curve Finance. Going by the username “c0ffeebabe.eth,” this white hat hacker deployed a front-running bot to counter the malicious hacker and successfully secured nearly 3,000 ETH. The funds were then safely returned to the Curve deployer address, indicating they were rightfully reclaimed.
Unfortunately, the situation gave rise to Twitter accounts impersonating Curve Finance and hack victims, promoting fake refund schemes aimed at those who already lost their funds in the recent hack. It’s crucial to note that the official Curve Finance account has not announced any plans for a refund as of the time of writing.
In a related development, the Vyper vulnerability also affected BNB Smart Chain, resulting in copycat attacks that led to approximately $73,000 being stolen across three exploits, according to blockchain security firm BlockSec.
Meanwhile, the U.S. Securities and Exchange Commission (SEC) has taken steps to address cybersecurity incidents involving public companies in the United States. Under the new rule, these companies are required to disclose any cyberattack deemed “material” within four days. Additionally, the SEC’s rule mandates periodic reporting on policies aimed at identifying and managing cybersecurity risks. This move reflects the growing importance of cybersecurity in the financial sector.