DeFi platform Curve Finance has officially declared its intention to compensate users who suffered losses in a recent hack that resulted in a $62 million loss.
The platform conveyed through a post on X that their ongoing investigations have been making progress, managing to recover approximately 79% of the stolen funds.
They have also expressed their commitment to individually evaluate each affected user for the purpose of reimbursement.
The goal of this evaluation is to ensure a fair and just distribution of recovered resources. The incident occurred on July 30 and involved malicious actors exploiting vulnerabilities within the historical versions of Curve Finance’s Vyper compiler, specifically targeting versions 0.2.15 to 0.3.0.
Uncovering these vulnerabilities required a high level of expertise and substantial resources, as affirmed by experts in the field. One of the contributors to Vyper mentioned that the attack seemed to have been planned for several weeks before it was executed.
The attack impacted several pools, including CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH, and there is a growing concern that the tri-crypto pool on Arbitrum might have also been compromised.
This attack had ripple effects throughout the entire DeFi ecosystem, exposing a significant issue within the emerging cryptocurrency sector: the lack of proper incentives to identify vulnerabilities in previous software versions.
It is worth noting that a reward equivalent to 10% of the hack’s proceeds was offered to the individual responsible for the breach. Upon accepting this bounty, the attacker initiated the process of returning the stolen funds.