Curve hacker behind $61M heist begins returning funds
The original attacker for the $61 million Curve, Metronome, and Alchemix exploit began returning funds that were drained in the attack. The Alchemix Finance developer wallet received approximately 4,821 Ether ($8,891,578) in a series of three transactions from the attacker.
Curve Finance was exploited via a reentrancy bug on July 30. The exploit affected pools created through the Vyper protocol, including pETH-ETH, alETH-ETH, and msETH-ETH. Over $61 million worth of tokens was lost in the attack. Pools not created through Vyper were unaffected.
The same day, a miner extractable value (MEV) bot that drained 6,106 Ether from the Curve Finance pETH-ETH pool has transferred the funds into an unknown address, which represents nearly all of the drained funds. This event occurred after the bot’s address sent a message on the Ethereum blockchain seeking to prove that their email address was associated with the frontrunning bot.
Per community reports, MEV frontrunning bot detected the attack on the pETH-ETH pool and successfully drained funds from them before the attacker could perform their action. As a result, the attacker’s account failed to obtain the drained funds.
Update (8/4/2023 4:35PM UTC): This article had been updated to remove the current speculation regarding the transfer of funds involving the MEV frontrunner.