DeFi Teams Offer $7 Million Bug Bounty to Vyper Hacker

Reading Time: 2 minutes
  • Three decentralized finance platforms have offered the Vyper hacker 10% of the stolen funds as a bug bounty
  • The offer covers funds stolen from Curve, Alchemix and Metronome which amounts to nearly $70 million
  • Curve threatened to involve security agencies in case the hacker declines the offer

Three decentralized finance platforms have offered the Vyper hacker 10% of the stolen funds as a bug bounty. The offer covers funds lost by the DeFi protocol, Alchemix and Metronome which amount to almost $70 million. Failure to take the offer will see Curve involve security agencies in hunting down the malicious actor who exploited a weakness in some versions of the Vyper programming language to drain Curve’s liquidity pools.

Sunday Deadline

In an on-chain message, the DeFi platform promised the hacker that taking up the deal will exempt them from the “risk of [Curve] pursuing [them] further.”  However, the hacker has up to Sunday, August 6 to agree to the offer.

Failure to respond by August 6 will see Curve and the three other affected DeFi protocols offer the payout to anyone who’ll provide reliable information as to the hacker’s whereabouts to invoke “the full extent of the law.”

The three firms have also provided a joint email address to be used for any communication regarding the Vyper hack. However, anyone who volunteers information through email must prove ownership of the address on-chain.

Some Hackers Want to Keep the Entire Loot

Curve’s outreach efforts resemble those of Jimbos Protocol which also reached out to its exploiter with a 10% bug bounty with hopes of recovering stolen funds. DeFi platforms are increasingly turning to law enforcement agencies like the U.S. Homeland Security to recover siphoned funds.

While some malicious actors have returned stolen funds in exchange for a bounty, others like the Mango Markets hacker have openly expressed an interest in keeping the entire loot.

With Curve Finance threatening to involve security agencies, it’s to be seen whether the hacker will take the offer.