Decentralized finance (DeFi) platform Sturdy Finance has recently made a bold move by offering a $100,000 bounty to the hacker who exploited their protocol. The lending platform gave its assurance that its team won’t pursue the issue further if the attacker accepts the offer. On June 12, the exploit caused a loss of almost $800,000 in digital assets. Security firms revealed that the vulnerability was due to a faulty price oracle and that the hack was executed through a reentrancy attack. In response, Sturdy Finance paused all markets and reassured the community that other funds were not at risk.
Sturdy Finance founder Sam Forman tweeted that they are willing to offer $100,000 to the perpetrator if they agree to return the remaining funds to a specified wallet. Forman noted that recent hacks show that it is not as easy to evade exploits as it used to be. If the hacker agrees to the offer, Sturdy Finance will drop the issue. Forman also stated that the platform is open to discussion with the attacker.
Recent examples have shown that offering bounties to attackers may enable platforms to recover a portion of the hacked funds. In one of the biggest DeFi hacks this year, the Euler Finance team managed to recover 90% of the stolen funds by negotiating and offering a bounty to their attacker. Likewise, lending protocol Sentiment recovered $870,000 after an exploit by offering a bounty to the hacker. However, not all projects have experienced the same fortune. The Jimbos Protocol team offered an $800,000 bounty to the public after the attacker who performed an exploit on their platform ignored their bounty offer. The platform stated that anyone who could provide information leading to the hacker’s arrest or recovery of the funds would be eligible for the reward.
While some projects have successfully recovered stolen funds by negotiating with hackers, there is a valid concern that such negotiations may set a dangerous precedent. Offering bounties to hackers may encourage more exploitation attempts since attackers might assume they could get away with a portion of the stolen funds.
In conclusion, the approach taken by Sturdy Finance to offer a bounty to the hacker is a controversial one. On the one hand, it has the potential to recover a part of the lost funds. On the other hand, it could fuel more malicious activities. The outcome of this situation should be watched closely as it may set a precedent for how DeFi platforms approach similar scenarios in the future.
Source: Cointelegraph