{"id":20617,"date":"2023-08-03T22:15:23","date_gmt":"2023-08-03T22:15:23","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/curve-metronome-and-alchemix-offering-10-bug-bounty-on-vyper-hack\/"},"modified":"2023-08-03T22:15:25","modified_gmt":"2023-08-03T22:15:25","slug":"curve-metronome-and-alchemix-offering-10-bug-bounty-on-vyper-hack","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/curve-metronome-and-alchemix-offering-10-bug-bounty-on-vyper-hack\/","title":{"rendered":"Curve, Metronome and Alchemix offering 10% bug bounty on Vyper hack"},"content":{"rendered":"

<\/p>\n

\n

Decentralized finance (DeFi) platforms Curve, Metronome and Alchemix have jointly announced an initiative to recover stolen funds from the recent exploits of Curve\u2019s pools.<\/p>\n

According to on-chain data, the protocols are offering a 10% bounty of the stolen funds as a reward, urging those responsible for the exploit to step forward and return the remaining 90%. The exploit on July 30 resulted in the theft of roughly $70 million in cryptocurrencies, which would bring the bounty close to $7 million. <\/p>\n

\n

Dear hacker, you’ve got an incoming messagehttps:\/\/t.co\/ZKJjrO65PX<\/p>\n

\u2014 Curve Finance (@CurveFinance) August 3, 2023<\/a><\/p><\/blockquote>\n

The offer comes with a guarantee of no further legal actions or involvement of law enforcement. \u201cWe want to resolve this in a civilized manner,” says the message included in the transaction.<\/p>\n

\u201cYou will have no risk of us pursuing this further, no risk of law enforcement issues,” the protocols said in a joint statement, adding:<\/p>\n

\u201cIf you choose not to partake in the voluntary return and complete the process by 6 August at 0800 UTC, we will expand the bounty to the public, and offer the full 10% to the person who is able to identify you in a way that leads to your conviction in the courts. We will pursue you from all angles with the full extent of the law.”\u00a0<\/p><\/blockquote>\n

The trio has provided a direct channel for communication via curvenegotiation@protonmail.com and urged the responsible parties to respond immediately. It also emphasized that any individuals reaching out for negotiations must verify their ownership of the email address on-chain.<\/p>\n

The attack\u00a0occurred due to a critical vulnerability\u00a0in versions of the Vyper programming language. Several pools using Vyper 0.2.15, 0.2.16 and 0.3.0 were targeted by a malfunctioning reentrancy lock, affecting four liquidity pools on Curve Finance. <\/p>\n

The security incident has delivered a fresh sense of uncertainty across the crypto community, raising concerns about a possible domino effect on the DeFi ecosystem. Curve Finance\u2019s native stablecoin, crvUSD, briefly depegged on Aug. 3, reacting to the hazy circumstances surrounding the protocol after the exploit. <\/p>\n

Magazine:\u00a0Should crypto projects ever negotiate with hackers? Probably<\/em><\/strong><\/p>\n<\/div>\n