Introduction
Curve Finance, a decentralized exchange (DEX), has opened a bounty program after an exploiter missed the deadline to return stolen funds. The exploiter had taken advantage of a vulnerability in the DEX’s smart contract on February 13th, resulting in a loss of roughly $3 million worth of cryptocurrency.
Details of the Exploit
The exploit was a result of a bug in the smart contract that allowed the attacker to create a large number of synthetic tokens, which they then exchanged for Curve’s stablecoin, DAI. The attacker was able to manipulate the price of DAI, causing it to drop significantly, and then exchanged the DAI for other cryptocurrencies. The exploit resulted in a loss of roughly $3 million worth of cryptocurrency.
After the exploit was discovered, Curve Finance took measures to mitigate the damage. The DEX’s developers were able to identify the attacker and contacted them, demanding that the stolen funds be returned. The attacker agreed to return the funds by February 16th, but failed to do so.
Bounty Program
As a result of the attacker’s failure to return the stolen funds, Curve Finance has opened a bounty program. The program offers a reward of up to $1 million for information that leads to the identification and arrest of the attacker. The bounty program is being run in collaboration with blockchain analytics firm Chainalysis.
Related:Curve, Metronome, and Alchemix Offering Bug Bounty Program with Vyper
Conclusion
The Curve Finance exploit is just the latest in a series of high-profile hacks and exploits in the cryptocurrency world. The use of decentralized exchanges has made it easier for attackers to exploit vulnerabilities in smart contracts. The bounty program offered by Curve Finance is one way to combat these exploits and make it more difficult for attackers to get away with stolen funds.
