© 2023 All Rights Reserved.

Curve Finance Attacker Returns $8.9 Million of Stolen Crypto

Curve Finance Attacker Returns Stolen Crypto by web3oclock

In a surprising turn of events, the mysterious attacker responsible for the $61 million heist on Curve Finance has begun returning the drained funds. This unexpected move has raised questions about the motives behind the attack and the potential implications for the affected protocols. Let’s delve into the details of this significant development.

The Heist and Exploited Protocols

On July 30, the Curve Finance protocol fell victim to an attack due to a reentrancy bug, resulting in a loss of over $61 million worth of cryptocurrency. This exploit affected several pools within the protocol, including the Alchemix Finance alETH-ETH pool, the JPEG’d pETH-ETH pool, and the Metronome sETH-ETH pool. Of these, the JPEG’d pool was particularly impacted as it was front-run by a miner extractable value (MEV) bot, diverting the stolen funds to the bot instead of the original attacker. As a response to this breach, the emergency multisignature wallet suspended all rewards for the affected pools on August 2.

A Glimpse of Redemption

Surprisingly, on August 4, a message appeared on the Ethereum network attributed to the attacker. In this message, the attacker stated their intention to return the stolen funds, citing a desire not to “ruin” the projects involved. Interestingly, the attacker clarified that this decision wasn’t driven by the fear of being caught, implying a certain level of autonomy and intentionality behind their actions.

Return of Funds

The return of funds began with the attacker transferring 1 alETH to the Curve Finance deployer account at 11:16 am UTC. Subsequently, within a span of two hours, they executed three separate transfers, totaling 4,820.55 alETH, to the Alchemix development team’s multisig wallet. This marks a significant step towards restitution, as the returned funds are valued at approximately $8.9 million. However, it’s important to note that this amount constitutes only around 15% of the total funds drained during the initial attack.

What Lies Ahead?

Despite this encouraging turn of events, questions still linger regarding the attacker’s true intentions and the fate of the remaining stolen funds. There’s speculation that the MEV bot responsible for diverting some of the funds might also choose to return them. An intriguing detail is that the MEV bot posted a message hinting at negotiations with developers through email, though no verifiable transactions have been recorded yet.

Lessons Learned

This incident sheds light on the vulnerabilities within the DeFi ecosystem and the challenges faced by developers in ensuring the security of their protocols. The reentrancy bug exploited in this attack emphasizes the need for rigorous auditing and continuous security assessments of smart contracts to prevent such vulnerabilities from being exploited.

Furthermore, this incident serves as a reminder of the evolving nature of the crypto landscape, where the line between hackers and ethical actors can be blurred. The attacker’s seemingly principled decision to return the funds for the sake of the projects involved raises intriguing ethical and moral questions within the cryptocurrency community.


The return of $8.9 million by the Curve Finance attacker provides a glimmer of hope amidst the gloom caused by the initial heist. As the DeFi space continues to evolve, this incident emphasizes the importance of collaboration among developers, security experts, and the wider community to strengthen the resilience of the ecosystem against such attacks. The story of this heist and its unexpected resolution showcases the complexity and nuances of the crypto world, where even hackers can surprise us with unexpected gestures of restitution. Only time will reveal the full scope of this unfolding narrative and its impact on the future of decentralized finance.


What happened in the Curve Finance attack and subsequent fund return?

On July 30, a hacker exploited a reentrancy bug in the Curve Finance protocol, resulting in the loss of over $61 million worth of cryptocurrency. The attack targeted pools including Alchemix Finance alETH-ETH, JPEG’d pETH-ETH, and Metronome sETH-ETH. In a surprising twist, on August 4, the attacker returned $8.9 million worth of funds. This included 4,820.55 alETH to Alchemix Finance and 1 Ether to Curve Finance.

Why did the attacker decide to return the stolen funds?

In a message posted on the Ethereum network on August 4, the attacker stated that they were returning the funds not because they had been caught, but because they didn’t want to “ruin” the projects they exploited. The exact motives behind this decision remain unclear, raising questions about the ethical considerations and broader implications of the attacker’s actions.

What lessons can be learned from this incident?

This incident highlights the vulnerability of DeFi protocols to exploits and the importance of rigorous security measures. Developers must conduct thorough audits and ongoing security assessments to identify and address vulnerabilities like the reentrancy bug that was exploited in this attack. Additionally, the incident underscores the evolving nature of the crypto landscape, blurring the lines between malicious hackers and actors with potentially complex motivations. It’s a reminder that the DeFi community needs to be vigilant and collaborative to safeguard the ecosystem against such vulnerabilities and attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Enjoy These Articles


About © 2022 All Rights Reserved.

Subscribe To Web 3.0 Wired Weekly Newsletter!

Get ready to experience Web 3.0 revolution with our enriched industry updates & entrepreneurial stories.