Solana-based liquidity protocol Crema Finance claims it has recovered most of the roughly US$9 million worth of assets stolen by a hacker on July 3:
Crema Finance negotiated an agreement with the hacker, whose identity remains unknown, which allowed the hacker to keep a portion of the stolen assets as a bug bounty in exchange for returning the remaining assets.
No Criminal Charges Likely
The hack on Crema Finance resulted in the theft of 69,422.9 SOL and 6,497,738 USDC – a combined total value of just over US$8.78 million.
Following what Crema Finance described as a “long negotiation”, the hacker agreed to return most funds but retained 45,455 SOL, currently valued at approximately US$1.7 million. The hacker was also referred to as “white-hat” and “ethical” in tweets by Crema Finance, suggesting the DeFi platform won’t be pursuing criminal charges.
Following the hack, the total value locked on Crema Finance fell dramatically, dropping as low as US$3 million on July 4, having sat at over US$12 million on the Saturday prior to the hack.
Crema Finance shared the transaction details proving the hacker had indeed returned 6,064 ETH and 23,967 SOL to its accounts:
1st ETH txn:https://t.co/CcCE9lRHep
— CremaFinance (@Crema_Finance) July 6, 2022
2nd ETH txn: https://t.co/riooC7YHwI
1st SOL txn:https://t.co/wRZfOXFe03
2nd SOL txn:https://t.co/oCrdtAqxAE
Smart Contract Suspended Pending Audit
Since the hack, Crema Finance’s smart contract has been suspended while its new smart contract code is being audited by blockchain security firm SlowMist. Crema Finance says the protocol will go live again once that audit is complete and its security can be assured:
It’s becoming increasingly common for hackers in the crypto space to agree to return most of the stolen assets in return for a bounty. In June, a high-profile case saw the the Ethereum rollup-solution Optimism hacked to the tune of US$17 million, with the hacker agreeing to return US$15 million worth of the stolen assets in return for a US$2 million bug bounty.