Ethical hacker retrieves $5.4M for Curve Finance amid exploit.

1 year ago

Twitter accounts impersonating Curve Finance have also started to push a fake refund scheme further targeting victims of the hack.

A white hat hacker has managed to take about 2,879 Ether (ETH), worth about $5.4 million, from an exploiter and returned it to the decentralized finance (DeFi) protocol Curve Finance amid the recent hack.

On July 30, several stable pools on Curve Finance were exploited due to malfunctioning reentrancy locks on several versions of the Vyper programming language. The losses from Curve Finance are estimated to be about $47 million. However, DeFi protocols that were using the vulnerable versions of Vyper were also exploited, exposing the DeFi ecosystem to a stress test.

#PeckShieldAlert c0ffeebabe.eth has returned 2,879 $ETH (~$5.4m) to #Curve deployer https://t.co/33BJLaq12A pic.twitter.com/2Jq0JOsrhV

— PeckShieldAlert (@PeckShieldAlert) July 31, 2023

On the same day, an ethical hacker seized some of the stolen assets and returned them to Curve Finance. An MEV bot operator with the username “c0ffeebabe.eth” used a front-running bot against a malicious hacker to secure about 3,000 ETH. The funds were then returned to the Curve deployer address, which looks to be its rightful custodian.

Amid the chaos, Twitter accounts impersonating Curve Finance and hack victims are promoting a fake refund scheme targeting those who already lost their funds in the recent hack. The official Curve Finance account has not published any plans for a refund at the time of writing.

Copycat Curve Finance account promoting a fake refund scheme. Source: Twitter

Meanwhile, BNB Smart Chain has suffered copycat attacks due to the Vyper vulnerability. According to data shared by blockchain security firm BlockSec, about $73,000 were stolen across three exploits.

Related: Ethereum logs $1M MEV block reward amid Curve Finance exploit

Meanwhile, the United States Securities and Exchange Commission (SEC) has adopted new rules for cybersecurity incidents involving public companies in the US. The rule requires these companies to disclose a cyberattack four days after it is considered "material." According to the SEC, the rule will also require periodic reporting on policies to identify and manage cybersecurity risks.

Magazine: Should crypto projects ever negotiate with hackers? Probably