Optimism-based Exactly Protocol that lost $7.3M million in a recent exploit is offering a bounty of $700,000 on any information that could lead to the arrest of the hacker and help recover lost funds.
The DeFi protocol revealed the cause of the exploit on August 19. The team behind Exactly Protocol revealed the vulnerability in the DebtManager periphery contract was manipulated by the hacker.
The attacker passed in a malicious market contract address, bypassing the permit check, and executed a malicious deposit function to steal the USDC deposited by users. The hacker then liquidated users’ assets to make a profit.
Exactly Protocol Fixes Vulnerability That Caused the Exploit
The DeFi announced on X, formerly Twitter, that the fix was proposed the next day after the exploit and it has already been approved and executed by the governance multisig.
In another post on X, the protocol’s team revealed that they also tried to negotiate the possible steps with the attacker.
In a message to the hacker, the protocol’s team wrote,
“We are ready to start a conversation about potential next steps. If you agree, let’s talk in private on blockscan via the Exactly Deployer address and one of your EOAS, via signed messages over email at [email protected], or any channel of your choice.”
The team behind the protocol updated yesterday that they did not receive a response from the attacker by the end of August 22. The team has now offered a $700,000 bounty for any information that could lead to the arrest of the hacker and recover the lost funds.
The protocol has also partnered with the on-chain analytics firm Chainalysis to trace back the funds lost to the exploit.
Recurring bridge exploits in the DeFi ecosystem have become a major issue for the crypto community, giving away more reasons for overall tighter regulations on the industry.
Earlier, Hundred Finance, a lending and borrowing DeFi protocol on the Optimism network, saw a major hack on 15 April. The hack led to the exploitation of $7 million worth of cryptocurrencies.