Curve Finance offers $1.85M reward to identify attacker

Once the voluntary return period expired, the Curve team proposed a reward amounting to 10% of the remaining exploited funds

by Shalini Nagarajan /
article-image

WindAwake/Shutterstock, modified by Blockworks

share

Curve Finance is offering a bounty of $1.85 million to anyone who can assist in identifying the person responsible for exploiting their protocol, in a manner that could culminate in a lawful conviction in court.

“If the exploiter chooses to return the funds in full, we will not pursue this further,” the team behind the DeFi protocol said on Aug. 6.

On July 30, the DeFI protocol fell victim to a software bug, resulting in the loss of more than $70 million in various digital assets.

One or more attackers took advantage of vulnerable versions of a programming language known as Vyper, using them to perform re-entrancy attacks on select Curve liquidity pools.

Loading Tweet..

Curve is seen as the most structurally significant decentralized exchange in the DeFi landscape, with liquidity of $3 billion. Its importance particularly resonates in the stablecoin swap markets — an area that remained unaffected during these incidents.

On Aug. 3, Curve and other protocols impacted by the breach proposed a 10% bug bounty to the infiltrator, amounting to over $6 million. 

Some of the misappropriated assets were subsequently returned to Alchemix and JPEGd, but not the other impacted pools.

According to PeckShield, 73% of stolen funds (worth about $52.3 million) have been returned as of Monday.

Following the incident, the attacker issued an on-chain message, maintaining that their decision to return the stolen assets was motivated by a desire not to inflict additional damage on the involved projects.

“I saw some ridiculous views, so i want to clarify that I’m refunding you not because you can find me, it’s because I don’t want to ruin your project, maybe it’s a lot of money for a lot of people, but not for me, I’m smarter than all of you,” the exploiter wrote in an on-chain message.

Curve’s CRV governance token is down over 6% in the last seven days, and was last trading at $0.61. Post the attack, it briefly plummeted below $0.50, amid fears that CRV collateral used on DeFi lending platforms could be liquidated en masse.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research

by Research Team

news

article-image

The Breakdown

Thursday links: Blockchain stocks, barroom compliance and NFT treasuries

For just $54, you, too, could send a memecoin 500% higher

by Byron Gilliam /
article-image

Lightspeed NewsletterWeb3

5 biggest Solana moments of 2025 (so far)

Memecoins, tech, and inflation have dominated the first half of the year

by Jack Kubinec /
article-image

Forward Guidance NewsletterPolicy

How inflation breakevens signal eroding Fed independence

As the Trump administration continues to test Fed independence, markets are beginning to react

by Felix Jauvin /
article-image

0xResearch NewsletterDeFi

Ethereum stakers face 9-day wait as stETH loops fall into the red

An Aave interest rate shock prompted over 475,000 validators to exit and pushed stETH into a prolonged depeg

by Macauley Peterson /
article-image

DeFiPolicy

Hacker, IRS agent take Storm trial stand as government winds down case

While Roman Storm’s team is set to present its case, it’s not yet clear if the Tornado Cash founder will testify

by Ben Strack /
article-image

The Breakdown

How Helium demonstrates crypto’s utility

A wireless network inspired by lost drones is now helping telco carriers reach your phone indoors

by Byron Gilliam /