Sturdy Finance Offered A $100,000 Bounty To Attacker

Key Points:

• Sturdy Finance said that the team sent an on-chain message to the attacker’s address, which offered a $100,000 reward if the attacker sent the stolen funds returned.
• Previously, the platform was hacked to steal 442 Ether (worth $800,000).

Decentralized lending protocol Sturdy Finance offered a $100,000 bounty to the attacker who siphoned 442 Ether from the platform on Monday.

Sam Forman, the project’s founder, confirmed today that his team had sent an on-chain message to the unknown attacker’s address. This message offers the perpetrator a bounty of $100,000 to return the stolen funds to a specified address owned by Sturdy, adding that the team will advocate for no criminal charges if the funds are returned.

This offer follows a security incident in which an attacker exploited a reentrancy vulnerability in one of Sturdy Finance’s liquidity pools. The vulnerability allowed the hacker to manipulate a price oracle and eventually siphon off funds.

“To the exploiter: as we have seen with recent hacks, exploits are not as easy to escape from as they used to be. That said, we are willing to offer you $100k as a bounty, and will not pursue you further if you send the remaining funds to 0x4e489d9863c9bAAc6C4917E1221274760BA889F5.

You can also contact us at sturdyfi@protonmail.com if you would like to discuss,” the message read.

As Coincu reported, Sturdy Finance has lost 442 Ether, worth almost $800,000, to a security exploit. The attacker exploited a vulnerability that eventually manipulated a faulty price oracle, allowing them to drain funds from the protocol.

On June 12, blockchain security firm PeckShield alerted Sturdy Finance and reported a transaction that seemed to be related to price manipulation. Almost an hour later, the DeFi protocol said that they were aware of the exploit and responded by pausing all their markets and assuring its users that no additional funds were at risk. The team reassured users that no other funds were at risk and that the platform’s security would be thoroughly investigated.

Despite a swift response from the DeFi lending platform, PeckShield confirmed that the attacker was able to transfer almost $800,000 in ETH to the crypto mixer Tornado Cash. The security firm also noted that the root cause of the exploit was a faulty price oracle.

Additionally, the blockchain security company BlockSec highlighted that the hack was done through a reentrancy attack, which is a common method hackers use to withdraw funds from DeFi protocols.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News