Operator Bot MEV White Hat 'c0ffeebabe.eth' Mengembalikan $5,4 Juta ke Curve Finance di Tengah Eksploitasi

Binance News · 2023-07-31T07:32:10.000Z

Operator bot MEV topi putih 'c0ffeebabe.eth' mengamankan dana dalam eksploitasi Curve dan kemudian mengembalikannya ke Curve Finance. Dalam tindakan peretasan etis yang terpuji, operator bot MEV dengan nama ENS 'c0ffeebabe.eth' mengembalikan 2.879 ETH (sekitar $5,4 juta) setelah eksploitasi Curve Finance. Dana tersebut telah diambil dari kumpulan likuiditas CRV-ETH. Curve Finance mengalami peretasan besar kemarin, yang terjadi dalam dua tahap terpisah. Awalnya, sekitar $26 juta disalahgunakan sebagai akibat dari kerentanan reentrancy dalam kumpulan pabriknya, yang memengaruhi berbagai proyek, termasuk JPEG'd, Metronome, dan Alchemix.

White hat MEV bot operator 'c0ffeebabe.eth' secured funds in the Curve exploit and later returned them to Curve Finance.
In a commendable act of ethical hacking, an MEV bot operator with the ENS name 'c0ffeebabe.eth' returned 2,879 ETH (approximately $5.4 million) following the Curve Finance exploit. The funds had been taken from the CRV-ETH liquidity pool.
Curve Finance experienced a significant hack yesterday, which transpired in two separate stages. Initially, an estimated $26 million was misappropriated as a result of a reentrancy vulnerability within its factory pools, affecting various projects, including JPEG'd, Metronome, and Alchemix.
The initial attack was followed by a second phase in which 7.1 million CRV ($4.4 million) and 7,680 wrapped ether ($14.37 million) were drained from Curve Finance's CRV-ETH pool. Utilizing an MEV bot, the ethical hacker 'c0ffeebabe.eth' skillfully front-ran a malicious attacker, safeguarding the aforementioned 2,879 ETH during the second phase. The funds were subsequently returned by 'c0ffeebabe.eth' to Curve's deployer address, presumably its rightful owner.
Code vulnerability under scrutiny:
The Curve incident was triggered by a vulnerability in an outdated version of the Vyper programming language, leading to reentrancy issues in Curve's smart code. This flaw allowed attackers to drain funds from multiple projects.
The total assets extracted from Curve pools due to this vulnerability and subsequent malicious activities have been estimated at a staggering $52 million by security firm PeckShield. However, after 'c0ffeebabe.eth's return, this amount would be estimated at $46.5 million.
Following the attack, Curve Finance's total value locked (TVL) plummeted dramatically. According to DefiLlama data, it fell from $3.26 billion on July 30 to $1.74 billion, marking an almost 46% drop within a 24-hour period.
 
 
 
 
 