- A hacker who took over $70 million from Curve’s DeFi platform has returned around $52 million
- Curve engaged in negotiations and offered the hacker 10% retention if the rest was returned, giving a deadline of August 6
- However, the return came after the deadline, leading Curve to offer a $1.85 million bounty for the hacker’s identification in relation to legal action.
A hacker who made off with more than $70 million from the DeFi lending platform Curve last week has chosen to return approximately $52 million of the stolen assets, but this may not be enough to get them off the hook. The funds were relinquished following negotiations between Curve and the hacker after Curve offered to let them keep 10% of the stolen amount if the rest was returned. However, the return of funds has come after the deadline, leading to Curve now offering a doxing bounty instead.
Curve Offered 10% Olive Branch
Curve told the hacker last week that it would allow the hacker to keep 10% of what was taken if the rest was returned, a tactic that has been used more and more recently to good effect.
Notably, the hacker engaged in conversations with Curve’s operators, with the potential return of funds averting a potential crisis for Curve’s founder and CEO, Michael Egorov, who was at risk of liquidation due to an $85 million loan supported by $168 million worth of CRV tokens.
“I’m Smarter Than All of You”
The hacker eventually agreed to return $52.3 million worth of tokens, but the olive branch was seized too late; the Curve-imposed deadline had already passed, leading the lender to inform the hacker that it was now taking things to the next step. The repayment also included a message from the hacker:
I want to clarify that I’m refunding you not because you can find me, it’s because I don’t want to ruin your project … Maybe it’s a lot of money for a lot of people, but not for me, I’m smarter than all of you.
This will be seen as a challenge to the crypto community, especially with Curve now offering a $1.85 million bounty to anyone who can successfully identify the hacker in a manner that leads to legal action.