Alchemix returns stolen funds from Curve pools

The Return of Stolen Funds Signals a Victory against Hackers in the Blockchain Industry

The blockchain industry is no stranger to hacking incidents and the subsequent loss of millions of dollars' worth of cryptocurrencies. However, in a recent turn of events, the lending platform Alchemix announced the successful recovery of all funds stolen by the Curve Finance hacker. This development marks a significant victory for the blockchain industry, highlighting the potential for collaboration and restitution in the face of cybersecurity threats.

The Attack and its Impact

On July 30, an attacker exploited vulnerable versions of the Vyper programming language, initiating reentrancy attacks on stable pools within Curve Finance. This attack resulted in over $61 million in cryptocurrencies being drained, with Alchemix’s alETH-ETH pool accounting for $13.6 million of the stolen funds. JPEGd’s pETH-ETH pool also suffered losses amounting to $11.4 million, while Metronome’s sETH-ETH pool saw a depletion of over $1.6 million.

Reentrancy, a commonly exploited class of vulnerability in smart contracts, occurs when an attacker calls back into a contract function before an earlier execution of it has completed, allowing them to drain funds or manipulate contract state. The successful execution of such an attack requires careful exploitation of the contract’s logic and a deep understanding of its inner workings.
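An added example (not from the original article or from any project it names): a toy Python model of the reentrancy pattern described above, showing the unguarded ordering beside two standard mitigations, a reentrancy lock and recording the state change before the external call. The `Pool` class, the `mode` names and the deposit amounts are constructed for illustration and do not model Curve's or Vyper's actual code.

```python
class ReentrancyError(Exception):
    """Raised when a locked function is entered again mid-execution."""
class Pool:
    """Toy pool: per-user ledger plus total reserves (constructed model)."""
    def __init__(self, mode):
        self.mode = mode          # "none", "lock" or "cei" (hypothetical names)
        self.locked = False
        self.balances = {}
        self.reserves = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserves += amount

    def withdraw(self, who, on_receive):
        if self.mode == "lock":
            if self.locked:
                raise ReentrancyError("withdraw re-entered")
            self.locked = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0 or self.reserves < amount:
                return
            if self.mode == "cei":
                self.balances[who] = 0   # effect recorded before the external call
            self.reserves -= amount
            on_receive(amount)           # external call: control leaves the pool
            self.balances[who] = 0       # in "none" mode this update comes too late
        finally:
            if self.mode == "lock":
                self.locked = False

def simulate(mode, honest_deposit=90, caller_deposit=10):
    """Return (total paid to the re-entering caller, reserves left in the pool)."""
    pool = Pool(mode)
    pool.deposit("honest", honest_deposit)
    pool.deposit("caller", caller_deposit)
    received = []
    def on_receive(amount):              # recipient's callback re-enters withdraw
        received.append(amount)
        try:
            pool.withdraw("caller", on_receive)
        except ReentrancyError:
            pass                         # nested call rejected by the lock
    pool.withdraw("caller", on_receive)
    return sum(received), pool.reserves

if __name__ == "__main__":
    print({m: simulate(m) for m in ("none", "lock", "cei")})
```

In the unguarded mode the caller's ledger entry is still non-zero during every nested call, so a 10-unit deposit is paid out repeatedly until the reserves are empty; with either mitigation the payout is capped at the deposit.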

The Path to Recovery

In response to the attack, Alchemix, Curve Finance, and Metronome collectively launched an initiative to recover the stolen funds. On August 3, they announced a bug bounty offer, promising 10% of the seized funds as a reward to anyone involved in the exploit who chose to return the remaining 90%. This appeal aimed to incentivize the hacker to restore the funds and foster a collaborative approach to resolving the issue.

The hacker ultimately accepted the bug bounty offer, resulting in the return of the stolen funds. Less than 24 hours after the bounty offer, Alchemix’s attacker began sending back the funds, with 4,820.55 Alchemix ETH (alETH) being returned to the Alchemix Finance team. The entire transaction was completed on August 5. The hacker’s decision to return the funds was attributed to their desire not to “ruin” the projects involved.

The successful recovery of funds demonstrates the potential of ethical engagement between blockchain projects and hackers. By offering a reward for the return of the stolen funds and refraining from pursuing legal action, the victims of the attack aimed to foster an environment of redemption and cooperation within the blockchain community.

The Implications for the Blockchain Industry

This incident emphasizes the importance of security in the blockchain industry. While blockchain technology offers unparalleled transparency and decentralization, it is crucial to address vulnerabilities proactively to prevent malicious actors from exploiting them. Through initiatives like bug bounties and collaborative recovery efforts, the industry can collectively work towards fortifying the security of blockchain projects and ensuring minimal disruption from hacking incidents.

Additionally, the successful retrieval of stolen funds sets a precedent for the treatment of hacking incidents within the blockchain industry. Instead of resorting solely to legal action, this incident highlights the potential for restorative justice, where hackers are given the opportunity to reconcile and contribute positively to the ecosystem they once targeted. By reframing hacking incidents as “white-hat rescues,” the industry can encourage ethical progress and growth.

Conclusion

The return of stolen funds by the Curve Finance hacker exemplifies the resilience and collaboration within the blockchain industry. This victory, achieved through bug bounties and a concerted effort by Alchemix, Curve Finance, and Metronome, underscores the potential for recovery in the face of cybersecurity threats. It also acts as a reminder of the industry’s ongoing commitment to security and serves as a valuable lesson about the importance of proactive measures against vulnerabilities.

Moving forward, blockchain projects can draw inspiration from this incident to strengthen their security measures and build a more resilient ecosystem. By embracing ethical engagement with hackers and fostering a community focused on restitution, the blockchain industry can continue to evolve and inspire trust among its participants.