Aug 4, 2023

The exploiter responsible for draining $61 million assets held on decentralized exchange Curve Finance has returned some of the stolen crypto after engaging in talks with one of the victims on Friday, blockchain data shows.

Video transcript

Talking about curve finance and that $61 million re entr hack that happened over last weekend in which a hacker was able to drain a bunch of different token pools because of this unknown bug in a compiler. Anyway, uh the D five protocols that have been affected. Curve Alex and Metronome, I believe, have been trying to get their money back, attempting to negotiate with the hackers. And today, there was a breakthrough after promising not to pursue the hackers if they return at least 90% of the funds. Uh One of the hackers seems to have sent $10 million back to Metronome and this is the result of some successful negotiations already. And we're starting to see that this surprising outreach campaign is actually working. So, um will I'll start off with you? What do you think of the situation? Good news at the very least. I mean, we like to see when people decide to give money back after these hacking situations. It's become much more common after these hacks to see at least part of the money go back. And that's often spurred for two reasons. One, the bounty, which is typically put out there as a carrot. And two, the possibility of a stick that being like the US government or someone else coming after you and ruining your life, throwing you in jail. But the last example we have, this was with mingle markets back in the fall uh where there was a, a developer who hacked mingle markets using uh what was actually pretty, fairly like open market techniques in order to squeeze uh profits from the trading platform. Uh Mingle markets was essentially wrecked during it and could not operate for quite a while. And then as more information came to light, this person was found out and that person's life is now uh dealing with the justice department, which is not a whole great situation. But if you can go in the other way, you know, get like a 10% bounty, give the money back and claim to be like a white hack or at the very least a gray hat hacker, then you avoid bars. And so we've seen this quite a bit with crypto. One thing I want to pull on here is just see, it's this idea of like libertarian markets, right? Where often in traditional markets, if you get hacked or something goes wrong. Well, you can always call the cops and they can come fix your problem. It might take years, but it typically is resolved in some way if there's enough money in the wildlife of di, I mean, there's not often someone to call unless, you know, you really have a good line there. And so sometimes these hacks with the, just put up a bounty and then there's reversal hacks right where you get docs and they figure out where you are, who you are, uh, what your trading strategies are. And sometimes it's actually worse to not come forward, uh, and, and accept the bounty. So I think that there's some possibility we could see this reversal here, which would be amazing for the current ecosystem uh might get everyone off with just a warning as opposed to a lesson but definitely positive development this morning, Zach. Yeah, the whole, you're alluding to the mango, the Avey Eisenberg episode where one man's quote unquote applied game theorist is another's market manipulator. And that's sort of the essential tension of D I, what is off limits and what is fair game if the code allows it, what's the problem? Uh It's where D I intersects with the real world and the real legal system where you see some of these big ramifications play out uh on people's lives. And so I think again, the looter behind this uh incident is probably reckoning with that and reckoning with the fact that because these systems are uh transparent are public are auditable. It's really hard to get out of the bank vault with the money after you do the heist, right? It's really difficult to escape uh undetected and with your ill gotten gains. So often you sort of see again this, this turnabout where a hacker becomes a white hat hacker. After the fact, when presented with an a path for escape, that may be some percentage of what was, what was, what was initially pilfered. And we seem to be seeing that here. I think there's a lot of stuff to talk about as this relates again, to sort of the knock on effects that we saw with this, with the uh the the curve crisis and the potential liquidation that Michael Aroff was facing and all that good stuff. But as it relates to the money taken from the initial incident itself, which is not huge again in the history of D I hacks. Uh but certainly the ramifications that played out over this past week have been notable and worth opining about. So I'll also be in case he has any thoughts on sort of how this whole thing has unfolded. Yeah, I don't have much to add to that. I thought you and uh will put it very eloquently there. Uh I, I just think it's strange as you say that uh that a criminal person could go from criminal to hero uh in, in the, in the switch of an ice. So it's fascinating to watch this play out.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.