Crema DeFi hacker returns $8 million in stolen funds, awarded a $1.68 million bounty
Decentralized Finance (DeFi) company Crema and a hacker that attacked the platform over the weekend have reached an agreement that will see a majority of the stolen funds returned in exchange for a $1.68 million bounty.
In total, the hacker stole 69,500 SOL, which is worth about $2.3 million, and stablecoins worth about $6.5 million for a total of $8.8 million at the time.
Crema officials sent a message to the hacker on July 3, offering them $800,000 in exchange for the return of the stolen funds.
“Your addresses on both Solana and Ethereum, have been blacklisted and all eyes are on you right now. You have 72h from now to consider becoming a white hat and keeping $800k as the bounty,” the company said in a note to the hacker.
“And transfer remaining funds back to our contract-update-authority address. Otherwise the police and legal force will officially get involved and there will be endless tracing waiting for you.”
On Wednesday, the company said on Twitter that it had begun negotiating with the hacker and ended up agreeing to a deal where they kept 45,455 SOL – worth about $1.68 million – in exchange for the return of 6,064 ETH and 23,967.9 SOL, amounting to $8.3 million as of Thursday.
After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions indicated below. A follow-up compensation plan will be released in 48h.— CremaFinance (@Crema_Finance) July 6, 2022
The company thanked incident responders at TRM Labs and several other security researchers for their help in responding to the incident.
The deal resolved yet another hack affecting a DeFi platform. Blockchain analysis firm Chainalysis said at least $2.2 billion was stolen from DeFi protocols in 2021.
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.