Benevolent hacker pulls back $5.4 million targeted in $52 million Curve Finance hack

This post was originally published on this site

https://content.fortune.com/wp-content/uploads/2023/07/Crypto-Criminals-9-1.jpg?w=2048

In the aftermath of a $52 million hack on Sunday that affected several DeFi projects and the decentralized exchange Curve Finance, a compassionate hacker helped recover and return some of the targeted funds.

In the first exploit, attackers leveraged a vulnerability in the Vyper programming language, which led to funds being drained from DeFi projects including JPEG’d, Metronome, and Alchemix. Another attack later drained millions from a Curve liquidity pool, according to blockchain security company PeckShield.

But in what might’ve been just luck, an anonymous crypto trader, c0ffeebabe.eth, was able to use an Ethereum-arbitrage trading bot to front-run the malicious hackers and recover $5.4 million the hackers were attempting to steal from Curve. The Curve team communicated with the benevolent hacker, who returned the money.

Despite the goodwill created by the anonymous hacker helping to return millions of dollars, the exploit has shaken confidence in Curve—and in DeFi as a whole. The Curve DAO token, associated with the decentralized autonomous organization behind the protocol, has fallen more than 15% over the past 24 hours and was trading on Monday morning near 60 cents, according to CoinMarketCap.

In the second quarter of 2023 alone, $204 million in crypto was stolen by hackers, according to a June report by De.Fi Security.

Learn more about all things crypto with short, easy-to-read lesson cards. Click here for Fortune’s Crypto Crash Course.