Curve Recoups 73% of Hacked Funds, Bolstering CRV Sentiment

A public bounty is now open for finding the remaining funds with a $1.8 million reward.

AccessTimeIconAug 7, 2023 at 7:21 a.m. UTC
Updated Aug 7, 2023 at 3:13 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now
  • White-hat hackers and attackers have returned over 73% of all funds stolen from Curve Finance after the lending platform was attacked last week.
  • The relatively swift recovery has bolstered sentiment for CRV tokens, which have pared most of the losses from a 30% drop following the attack.

Curve Finance has recouped 73% of funds stolen during a hack that saw the lending platform lose over $73 million worth of tokens, causing contagion effects across the broader ecosystem.

Over the past week, all $22 million in ether (ETH) and ether derivatives stolen from lending protocol Alchemix were returned. A trading bot returned 90% in ether stolen from lending platform JPEG'd; pseudonymous ethical hacker “c0ffeebabe.eth” returned over $6 million taken from decentralized-finance, or DeFi, platform Metronome and a Curve trading pool; and another ethical hacker returned $13 million from Alchemix.

Curve, which lets users cheaply swap stablecoins on its platform, was hit by a reentrancy attack that allowed attackers to steal tokens from Curve, and lending and borrowing platforms Metronome and Alchemix. Those affected protocols have since offered a 10% bounty for returning the assets by Aug. 6, as reported.

Reentrancy is a common bug that allows attackers to trick a smart contract by making repeated calls, or software commands, to a protocol in order to steal assets. The attack was traced to faulty code on Vyper, a programming language used to power parts of the Curve system.

Shortly following the attacks, Curve offered a 10% bounty to attackers for the return of the funds. On Friday, the attacker started to return funds to Alchemix after confirming the deposit address in a blockchain message.

Over $18 million in stolen funds are still remaining, with Curve opening up the bounty to the public on Sunday night.

“The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC,” Curve Finance said in a blockchain transaction. “We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M) to the person who is able to identify the exploiter in a way that leads to a conviction in the courts.

“If the exploiter chooses to return the funds in full, we will not pursue this further,” the protocol added.

The return of funds has buoyed sentiment for Curve — which is often referred to as one of the most influential platforms in the DeFi ecosystem — and its governance tokens CRV.

CRV lost almost 30% of value, from 72 cents to as low as 50 cents, in the days following the exploit and has since pared losses amid the positive developments, trading at 61 cents on Monday morning.

Edited by Parikshit Mishra.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.