1. Home
  2. Bounty offer

Bounty offer

DeFi protocol Sturdy Finance offers $100K bounty to hacker if funds are returned

Sturdy Finance founder Sam Forman said the company will not pursue the issue any further if the hacker accepts the offer and returns the remaining funds.

Decentralized finance (DeFi) platform Sturdy Finance has offered a $100,000 bounty to the hacker that exploited the protocol. The lending platform said that its team won't pursue the issue further if the attacker accepts the offer. 

On June 12, the DeFi platform suffered a loss of almost $800,000 in digital assets when an attacker exploited vulnerabilities within the platform. Security firms pinpointed that the cause of the exploit was a faulty price oracle and the hack was carried out through a reentrancy attack. In response, the platform paused all markets and assured the community that other funds are not at risk.

Just a day after the hack, Sturdy Finance founder Sam Forman tweeted that they are offering $100,000 to the perpetrators if they agree to return the remaining funds to a wallet they specified.

According to Forman, recent hacks showed that it’s not as easy to evade exploits as it used to be. The executive said that if the hacker accepts the offer, they are willing to drop the issue. Forman also said Sturdy Finance is open to discussing with the attacker. 

Related: Hack negotiations: Why platforms with ineffective bounty programs pay a higher price

Recent exploits show that offering bounties to attackers may allow platforms to recover a portion of the hacked funds. On April 4, the Euler Finance team was able to recover 90% of the stolen funds in one of the biggest DeFi hacks this year by negotiating and offering a bounty to their attacker. Similarly, lending protocol Sentiment recovered $870,000 after an exploit by offering a bounty to the hacker.

Despite some showing success in negotiations with hackers, not all projects share the same luck. On June 1, the Jimbos Protocol team offered an $800,000 bounty to the public after the attacker who performed an exploit on their platform ignored their bounty offer. According to the platform, anyone who can provide information that leads to the hacker’s arrest or the recovery of the funds will be eligible for the reward.

Magazine: Should crypto projects ever negotiate with hackers? Probably

Got rich off Bitcoin? Unchained explains how multisig wallets protect investors’ BTC