Curve Finance offers $1.85M reward to identify attacker

Once the voluntary return period expired, the Curve team proposed a reward amounting to 10% of the remaining exploited funds

article-image

WindAwake/Shutterstock, modified by Blockworks

share

Curve Finance is offering a bounty of $1.85 million to anyone who can assist in identifying the person responsible for exploiting their protocol, in a manner that could culminate in a lawful conviction in court.

“If the exploiter chooses to return the funds in full, we will not pursue this further,” the team behind the DeFi protocol said on Aug. 6.

On July 30, the DeFI protocol fell victim to a software bug, resulting in the loss of more than $70 million in various digital assets.

One or more attackers took advantage of vulnerable versions of a programming language known as Vyper, using them to perform re-entrancy attacks on select Curve liquidity pools.

Loading Tweet..

Curve is seen as the most structurally significant decentralized exchange in the DeFi landscape, with liquidity of $3 billion. Its importance particularly resonates in the stablecoin swap markets — an area that remained unaffected during these incidents.

On Aug. 3, Curve and other protocols impacted by the breach proposed a 10% bug bounty to the infiltrator, amounting to over $6 million. 

Some of the misappropriated assets were subsequently returned to Alchemix and JPEGd, but not the other impacted pools.

According to PeckShield, 73% of stolen funds (worth about $52.3 million) have been returned as of Monday.

Following the incident, the attacker issued an on-chain message, maintaining that their decision to return the stolen assets was motivated by a desire not to inflict additional damage on the involved projects.

“I saw some ridiculous views, so i want to clarify that I’m refunding you not because you can find me, it’s because I don’t want to ruin your project, maybe it’s a lot of money for a lot of people, but not for me, I’m smarter than all of you,” the exploiter wrote in an on-chain message.

Curve’s CRV governance token is down over 6% in the last seven days, and was last trading at $0.61. Post the attack, it briefly plummeted below $0.50, amid fears that CRV collateral used on DeFi lending platforms could be liquidated en masse.


Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates.jpg

Research

Bluefin possibly stands at an inflection point. The token is near an all-time low yet the protocol’s spot volume market share and derivatives exchange usage have been increasing month over month since its November launch. Given its current market position and the upcoming upgrades (for both Bluefin and SUI), there may be upside potential before the increased supply growth in December. However, strong opposition from existing competitors (like Cetus and Suilend), as well as new entrants (like Aftermath), pose key challenges to Bluefin’s medium-term success.

article-image

Introducing garbled circuits for enhanced privacy and regulatory compliance

article-image

Ross Ulbricht was a freedom maximalist building freedom tech, powered by Bitcoin

article-image

Solana validators can reap benefits including payments, votes and community clout

article-image

Sponsored

WalletConnect is cementing itself as the essential connectivity layer, ensuring wallets remain the entry point for billions of users

article-image

According to a legal filing, Galaxy Digital helped boost the price of LUNA while quietly selling its tokens

article-image

Tech fund portfolio manager Dominic Rizzo calls stablecoins “the most obvious use case for crypto”