Hacker Returns $5.4 Million to Hacked Curve Finance Protocol
Date: 2023-07-31 Author: Karina Ziganova Categories: CRYPTO PAYMENTS, IN WORLD
A hacker under the nickname c0ffeebabe.eth returned 2879 ETH (worth about $5.4 million) to the decentralized finance (DeFi) protocol Curve Finance. The money was diverted from the CRV-ETH liquidity pool at the time of the exploit.
Using the MEV bot, the hacker was able to get ahead of the attacker by protecting 2879 ETH. He later returned this amount to Curve's address, according to on-chain data.
However, the amount recovered is only a small fraction of all the money stolen. In total, the Curve Finance vulnerability allowed fraudsters to gain access to assets worth over $47 million. In addition, Vyper's problems allowed attackers to conduct a similar attack on the blockchain of the Binance crypto exchange – BNB Smart Chain (BSC) and withdraw assets worth about $73,000 from it.
What happened to Curve Finance
Curve Finance faced a major hack that took place in two stages. Initially, hackers stole about $26 million due to the vulnerability of re-entry in pools. This was followed by the second stage of the attack, during which 7.1 million CRV ($4.4 million) and 7680 Wrapped Ether ($14.37 million) were withdrawn from the CRV-ETH pool of Curve Finance.
The Curve incident was due to a vulnerability in an outdated version of the Vyper programming language. She admitted problems with re-entering the Curve smart code. This bug allowed the attackers to withdraw funds from multiple projects. As a result, the total locked value of Curve Finance (TVL) fell sharply after the attack: from $3.26 billion to $1.72 billion, which is a drop of almost 46% in 24 hours.
Hackers stole hundreds of millions of dollars in 2023
In the first half of 2023, attackers stole $655.61 million through hacks, phishing scams, and rag pools. The fraudsters carried out 108 attacks on protocols, 110 rag pulls and a number of phishing scams and embezzled $471.43 million, $75.87 million and $108 million, respectively.
In addition, hackers laundered about $244.5 million in cryptocurrency in the first half of the year. Most of all, they received as part of the hacking of the Harmony Bridge cross-chain bridge (about $ 100 million).
