A hacker who took more than $9 million worth of Ethereum (ETH) from a decentralized lending platform has been offered a 10% bounty in a bid to recover the funds. The platform, whose identity is not revealed for security reasons, has confirmed the attack and is inviting the hacker to return 90% of the taken assets in exchange for no prosecution.
How the Hack Happened
The attack targeted a loophole in the platform’s smart contract protocol, enabling the attacker to:
- Exploit a loophole in liquidity pools to siphon out excess ETH.
- Withdraw millions in funds within a matter of minutes.
- Transfer the stolen ETH from one wallet to another in layers to hide its source.
Security researchers monitoring the hacker’s wallet activity saw the funds rapidly scattered across decentralized exchanges and privacy mixers, making them harder to retrieve.
The 10% Bounty Offer
Through a statement, the lending platform approached the hacker with an offer:
- Return 90% of the hacked money and retain 10% as a bounty.
- Avoid legal action if the assets are returned voluntarily.
- Negotiate terms through an anonymous blockchain messaging mechanism.
The developers of the platform are seeking to resolve the issue without resorting to legal action and to reclaim funds for affected users.
What’s Next for the Hacker?
The hacker now faces three possible choices:
- Accept the 10% bounty and return most of the funds.
- Keep all the stolen ETH, risking legal consequences and blockchain tracing efforts.
- Use a mixing service to further hide transactions and attempt to cash out.
Past Cases of Hackers Accepting Bounties
This isn’t the first time crypto platforms have negotiated with hackers to recover stolen funds. Some notable cases include:
- Poly Network Hack (2021): A hacker stole $600M+ but then returned the money after negotiations.
- Nomad Bridge Hack (2022): The platform provided a bounty, and as a result, some funds were voluntarily returned.
These examples indicate that hackers sometimes opt for the bounty instead of risking prosecution.
Security Concerns in DeFi Lending
This event points to persistent security threats in decentralized finance (DeFi), where vulnerabilities in smart contracts can result in huge financial losses. Experts suggest that:
- Developers perform thorough smart contract audits.
- Users exercise caution when putting money into new platforms.
- DeFi projects run bug bounty programs to identify vulnerabilities before they are exploited.
As the $9 million Ethereum hack unfolds, the hacker’s next step is unknown. Whether they take the bounty offer or try to evade blockchain tracking, the case is once again a reminder of security vulnerabilities in DeFi lending platforms. Investors and projects need to prioritize security measures so that future exploits can be avoided.