A SlowMist report has revealed that over $7 million has been returned from an attack on the DeFi platform, Team Finance, in late October. The hacker who stole $14.5 million from Team Finance began returning the stolen assets to the project, including several mid-level tokens.
However, he demanded that 10% of the stolen funds be kept as a bounty. Before the hacker returned the funds, the CTO of TrustSwap, Ivan Reif, encouraged the hacker to return the funds by promising them a substantial financial reward or job offer.
A flaw in the smart contract that was omitted during the audits of the Team Finance protocol’s migration from the Uniswap v2 to v3 contract enabled the attack. As a result, activity on the protocol was suspended to reduce the amount of stolen funds.
The Team Finance protocol offers users services for token liquidity locking and vesting. According to the protocol, it has a token lock valued at over $2.6 billion and a liquidity lock value of $180 million.
Bounties And Hackers
It’s rare for hackers to return stolen funds, but since early 2022, there has been a turn of events with hackers either returning funds or being rewarded with bounties if they return the stolen funds. For instance, in the case of the OlympusDAO hack, hackers returned all the funds from a $300 million exploit.
Also, Transit Swap negotiated with hackers to return 70% of the stolen funds, after which the hackers received $690,000 as a bounty. Bounties have started to become popular among protocols. In January, a multichain hacker received $187,000 as a bug bounty after returning about $974,000 in ETH.
Also, crypto bridge Nomad offered the hacker of a $190 million exploit in August a 10% bounty for returning the funds. Another notable case is one of the world’s largest digital coin heists.
The hackers returned nearly all of their more than $610 million haul, saying they attacked the protocol “for fun” and to expose a vulnerability in the system. The victim was Poly Network, a peer-to-peer cryptocurrency platform.
Unfortunately, most hackers target protocols with high vulnerability or those not audited. The long-term sustainability of the DeFi industry depends on avoiding these blunders, and these bug bounties can even encourage more hackers to steal money if they think they can get away with it.