With the help of a heroic hacker, Curve Finance recovers its first batch of crypto.
The decentralized finance (DeFi) space experienced a considerable shakeup as Curve Finance, a notable DeFi protocol, suffered an exploit.
Amid this unfortunate incident, a white hat hacker took the spotlight, salvaging about 2,879 Ether (ETH), approximately $5.4 million, from the offender and returned it to Curve Finance.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
How to Create an NFT: Easiest Way (Animated Explainer)
This incident unfolded on July 30th when a glitch in the reentrancy locks of different versions of the Vyper programming language led to the exploitation of several stable pools on Curve Finance.
The total damages incurred by Curve Finance are speculated to be approximately $47 million. However, other DeFi protocols employing the vulnerable Vyper versions also fell victim to the exploit, stretching the DeFi landscape thin under this stress test.
In a swift counteraction, an ethical hacker known by the pseudonym "c0ffeebabe.eth" managed to confiscate part of the ill-gotten assets and return them to Curve Finance. Operating as a maximal extractable value bot handler, they utilized a front-running bot to outsmart the adversary and secure nearly 3,000 ETH.
During this hectic period, a series of X accounts posing as Curve Finance and the victims of the hack started promoting fake refund schemes. This scheme targeted individuals who had already suffered losses from the recent exploit.
No official announcements about any refund plans have been made by Curve Finance at the time of reporting.
Simultaneously, copycat attacks sprang up on the BNB Smart Chain due to the vulnerability in Vyper. BlockSec, a blockchain security firm, revealed that these attacks accounted for roughly $73,000 stolen across three separate exploits.
In other news, the US Securities and Exchange Commission (SEC) has formulated new guidelines to address cybersecurity incidents involving publicly listed companies in the United States. The rule stipulates that any cyberattack deemed "material" must be disclosed within four days. Additionally, the SEC rule mandates periodic reporting on policies aimed at identifying and managing cybersecurity risks.