Concentrated liquidity pool Crema Finance announced Thursday that after intense negotiations with a hacker, a chunk of its stolen funds had been returned—for a $1.6 million bounty.
What Happened: A hacker stole 69,422.9 SOL and about 6.5 million USDC stablecoin, worth about $9 million, on June 3. According to the company, the hacker lent a flash loan on the Solend decentralized finance protocol to add liquidity on Crema to positions.
The hacker then replaced authentic transaction fee data with forged data to claim a huge fee amount, worth about $9 million from the pool, to which the loan was lent. To minimize the impact, Crema suspended its smart contract after the exploit.
Crema initiated an investigation to ascertain the hacker’s identity. The original gas source of the hacker was traced, their discord handle was identified and fund movements were being monitored.
Simultaneously, Crema sent an on-chain message to the hacker and offered them to become a so-called white hat — or ethical hacker — and accept a bounty or face legal action.
“After a long negotiation, the hacker agreed to take 45,455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions,” Crema stated.
The company is unlikely to take legal action against the hacker since the stolen money has been returned.
Why It's Important: Crypto hacks are on the rise, according to a Yahoo Finance report. Security firm Immunefi reported that investors lost over $1.22 billion to hackers in the first three months of 2022. That's about eight times more than the $154 million lost in the first quarter of 2021.
Recently, Layer 1 blockchain protocol Harmony Protocol suffered a $100 million theft. Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT), and USD Coin were reportedly stolen.
The hacker rejected a $1 million bounty offered as part of negotiations.
Earlier this year, Qubit Finance's bridge was hacked for $80 million; bad actors stole $320 million from the Wormhole bridge; and in March, $622 million worth of Ethereum and USDC were stolen from Axie Infinity’s Ronin bridge.
Image courtesy of Pixabay
© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.