Curve Finance, together with MetronomeDAO and Alchemix Finance, has initiated a negotiation with the hackers, issuing a subtle warning.
In an on-chain message sent via Ethereum on Thursday, the DeFi trio offered the exploiters a “10% bounty of any stolen funds” in exchange for returning the rest.
They set a deadline of August 6 at 8 am UTC.
Curve Finance, a major decentralized exchange on Ethereum, experienced a hack on July 30, resulting in a loss of approximately $52 million in various tokens. The team confirmed that three pools of ETH derivatives from MetronomeDAO, Alchemix Finance, and JPEG’d suffered losses.
Representatives from Curve Finance, MetronomeDAO, and Alchemix sent an on-chain message to one of the hacker’s addresses, warning that if they reject the white-hat bounty, the teams will “expand the bounty to the public,” offering the same amount to any whistleblower or investigator who brings them proof.
The DeFi teams are prepared to take legal action against the exploiters.
The message stated that the DeFi teams intend to pursue the hacker “from all angles with the full extent of the law.”
Curve Finance hacker on the run
At least one exploiter has already come forward, according to an update from security auditing firm PeckShield.
PeckShield shared a transaction sent from an Ethereum address identified as having front-run an exploit attempt on JPEG’d.
On the day of the hack, several MEV bots had front-run the hacker’s transaction, siphoning the funds that would have gone to the hacker’s address.
Miner Extractable Value bots, or MEV bots, are automated programs that identify profitable transactions within the Ethereum mempool and then front-run those transactions for their own profit.
While one of the frontrunners came out and returned up to $5.4 million on the same day, it appears that others are still sitting on their bounty.
Today’s on-chain message from one of the frontrunners was meant to verify the sender of an email sent to the JPEG’d team on Aug 4.
It read: “This is to verify the email sent to email@example.com at Aug 4th 2023 5:27 UTC is from this address.”
The JPEG’d team has also found a lead with the help of pseudonymous on-chain sleuth ZachXBT.
This morning, the on-chain investigator tagged Michael Razoumovitch on Twitter, asking them to “please make this easier on all of us” and get in touch with JPEG’d or ZachXBT.
ZachXBT later replied to the same tweet, writing that while Razoumovitch “claimed ownership” of the address in question, he claimed that his “contract was exploited in May 2023.”