Decentralized lending platform Sturdy Finance has declared a $100,000 bounty for the hacker who stole 442 ETH from the protocol. The lending protocol promised to let the matter slide if the hacker agreed to return the stolen funds and take the bounty.
This development comes after a hacker looted 442 ETH worth nearly $800,000 after exploiting an Oracle price discrepancy on the protocol on June 12. Blockchain security platform PeckShield had alerted Sturdy Finance after spotting the questionable transaction.
The Hack Bounty Offer: Sturdy Willing To Backdown If Hacker Surrenders Stolen Funds
Security firm BlockSec noted that the hacker carried out the shady operation through read-only reentrancy, allowing them to manipulate the BstETH-Stable price on the protocol. After confirming the loss, Sturdy Finance promised users that its team would resolve the matter and deliver updates.
In addition, the protocol suspended all market activities on its platforms while assuring users that other funds were safe. According to PeckShield’s update, the hacker transferred the loot through the infamous cryptocurrency mixer, Tornado Cash.
However, barely 24 hours after the incident, the founder of Sturdy Finance, Sam Forman, announced a bounty for the attacker(s). The stated condition for the $100,000 bounty is that the perpetrator returns the remaining funds to a specified wallet.
Forman noted that recent developments prove that escaping hack exploits has become more complicated than it used to be, stating that Sturdy Finance is open to discussing the offer.
Will Sturdy Finance’s Bounty Offer Succeed?
The Sturdy Finance hack incident isn’t the only recent exploitation in the DeFi space. DeFi protocols have experienced countless similar attacks over the past months. However, in a few instances, offering bounty has proven effective in recovering stolen funds from hackers.
On April 4, Euler Finance said it recovered 90% of funds stolen from the protocol on March 13. The firm confirmed it had lost over $196 million in assets in one of the biggest DeFi hack attacks this year. And the hacker drained millions of dollars in crypto assets, including USDC, Staked ETH, and wrapped BTC, from the platform through multiple flash loan transactions.
However, after disabling the vulnerable token module and offering a $1 million bounty, the hacker returned most of the stolen funds.
Another lending protocol, Sentiment, retrieved $870,000 via a bounty offer after a hack attack. The Safemoon hacker also returned $7.2 million in stolen funds in exchange for 20% of the $9 million loot.
For now, it is still uncertain whether Sturdy Finance’s bounty offering will yield the same success as Euler and Sentiment’s. For instance, the Jimbos hacker ignored the protocol’s $800,000 (10% of stolen funds) bounty after looting $7.5 million from the platform.
Featured image from Pixabay and chart from TradingView.com