Decentralized finance (DeFi) platform Sturdy Finance has offered a $100,000 reward to a hacker who exploited the protocol. The lending platform said its team would not continue to pursue the matter if the attacker accepted the offer.
On June 12, the DeFi platform lost nearly $800,000 in digital assets when an attacker exploited vulnerabilities in the platform. Security firms determined that a flawed price oracle was the cause of the exploit, and the hack was carried out through a replay attack. In response, the platform suspended all markets and reassured the community that no other funds were at risk.
Just a day after the hack, Sturdy Finance founder Sam Forman tweeted that they were offering the attacker $100,000 if they agreed to return the remaining funds to their designated wallet.
We’ve sent the following message to the Sturdy hacker on-chain:
“To the exploiter: as we have seen with recent hacks, exploits are not as easy to escape from as they used to be. That said, we are willing to offer you $100k as a bounty, and will not pursue you further if you send…
— Sam Forman (@pgpsam) June 12, 2023
According to Forman, recent hacks have shown that getting away with an exploit is not as easy as it used to be. The founder said that if the hacker accepted the offer, the team was ready to drop the matter. Forman also said that Sturdy Finance is open to discussion with the attacker.
Recent exploits show that rewarding attackers may allow platforms to recover some of the hacked funds. On April 4, the Euler Finance team was able to recover 90% of stolen funds in one of the biggest DeFi hacks of the year by negotiating and offering a reward to their attacker. Similarly, the credit protocol Sentiment recovered $870,000 after an exploit by offering a reward to the hacker.
Despite some success in negotiating with hackers, not all projects are equally lucky. On June 1, the Jimbos Protocol team offered the public an $800,000 reward after an attacker who ran an exploit on their platform ignored their offer. According to the platform, anyone who can provide information that leads to the arrest of the hacker or the return of funds will be eligible for a reward.