Curve offering $1.85 million bounty for exploiter's identity (and conviction)

Quick Take

  • Though the exploiter of Curve Finance returned some stolen funds, the DeFi project is offering a public bounty for information about their identity that could lead to a conviction — unless the hacker returns the funds in full.

Curve is offering a $1.85 million bounty to anyone who can accurately identify the DeFi protocol's exploiter in a way that leads to definitive legal repercussions.

"The deadline for the voluntary return of funds in the Curve exploit passed at 0800 UTC," Curve publicly wrote in an Ethereum transaction's input data, adding: "We now extend the bounty to the public, and offer a reward valued at 10% of remaining exploited funds (currently $1.85M USD) to the person who is able to identify the exploiter in a way that leads to a conviction in the courts."

Curve also noted that it would not pursue the issue if the exploiter returns the funds in full, and shared the full message on X (formerly Twitter).

Curve exploiter: 'I'm smarter than all of you'

Over $73 million was drained from Curve's pools on July 30 after an exploiter utilized vulnerable versions of the Vyper programming language to execute reentrancy attacks on targeted stable pools.

The attacker returned stolen crypto to projects Alchemix and JPEGd after being offered a 10% bug bounty, but did not refund other exploited pools.

"I want to clarify that I'm refunding you not because you can find me, it's because I don't want to ruin your project," they explained in a transaction, adding: "Maybe it's a lot of money for a lot of people, but not for me, I'm smarter than all of you."

Funds recovered


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Curve’s factory pools reported a loss of $73.5 million, spread across multiple projects, including JPEGd, Metronome, and Alchemix. As per the data from security firm PeckShield, $53 million, which accounts for 73% of the stolen funds, has been recovered.

The assailant who targeted Alchemix’s alETH-ETH pool on Curve handed back the entire $22 million. This figure consists of more than 12,000 ether (ETH). Additionally, a whitehat intervention successfully prevented a $13 million heist from Alchemix.

The individual responsible for the breach at JPEGd’s pETH-ETH pool returned 90% of the drained assets, amounting to 5,495 ETH ($11.5 million).

Furthermore, the funds misappropriated from Metronome’s sETH-ETH pool and Curve Finance’s CRV-ETH main pool, close to $7 million in total, were returned by an MEV bot operator going by the ENS name c0ffeebabe.eth. PeckShield indicated that there's still an outstanding $19.7 million in stolen funds yet to be returned.

This marks a period of relief for the CRV token. Its value plunged by nearly 30%, dropping from $0.72 to $0.5 immediately after the hack. Currently, it is trading at $0.61 as funds are being returned.

Updated with additional information about the returned funds.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Authors

Adam is the managing editor for Europe, the Middle East and Africa. He is based in central Europe and was a managing editor and podcast host at the crypto exchange OKX's former research arm, OKX Insights. Before that, he co-founded, which he elevated into one of the leading crypto media brands at its peak as the editor-in-chief. Earlier, he served as the editor-in-chief at Before joining the blockchain and crypto industry, he worked for, and He tweets via @XBT002 and can be emailed at [email protected].
Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]


To contact the editor of this story:
Ryan Weeks at
[email protected]