Curve, Metronome, and Alchemix Offer 10% Bug Bounty for the Vyper Hack.

On-chain data suggests‌ the protocols ⁣offer a‌ reward of 10% of⁢ stolen funds as a prize,⁣ urging perpetrators ⁣to come forward and return the remaining 90%. The July‍ 30 exploit‌ resulted in the theft of around $70 million worth ⁣of ⁤cryptocurrencies. This would put the bounty at nearly $7 million. ‌

Dear hacker, you've got an incoming messagehttps://t.co/ZKJjrO65PX

— Curve Finance (@CurveFinance) August 3, 2023

The ‍offer includes a guarantee that no further legal action⁢ will be taken become or involvement of law‍ enforcement agencies. The message accompanying the transaction states: “We are attempting to resolve this issue in a civilized manner.”

The protocols stated⁤ in a joint press release that there was⁢ no risk ⁣to you that we would pursue the matter⁤ or that it would⁢ law enforcement​ problems.

If you do not choose to participate ​in Voluntary Return, we offer the full 10% bounty to anyone who can ‌identify you and lead to your conviction in court. We⁣ will pursue your ​case ​to the fullest ​extent of the law.

The trio‍ have provided a direct channel of communication via [email protected], urging those ⁣responsible to⁢ respond immediately. The⁣ group also stressed that anyone wishing​ to ⁤engage in negotiations should verify ownership of their email address.

This attack was caused by a critical vulnerability in versions of the ​Vyper programming language. A broken reentry lock affected multiple pools⁢ using Vyper ‌versions 0.2.15, 0.2.16, and 0.3.0. Four liquidity pools ⁤at Curve Finance were affected.

This security incident has created a new sense of unease in the crypto community and raised concerns about possible knock-on ⁢effects on the DeFi​ ecosystem. Curve Finance’s crvUSD⁢ stablecoin⁣ was briefly ⁢decoupled by the company on Aug. 3 in response to unclear circumstances surrounding the post-exploit protocol.