Author

Topic: Hacker attacks again (Read 410 times)

full member
Activity: 1092
Merit: 227
August 17, 2023, 11:41:01 AM
#39
The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.

Haha, that is really funny because the hacker seems to be complete idiot to me. I am not sure how he ended with such bullshit decision of not accepting the offer. I can not imagine someone just leaving the millions of dollars just like that.

Now to identiy the hacker himself they are offering bounty of millions of dollars. According to the source mtnioned in the OP we can clearly read that anyone who identify it will get:

Quote
anyone who can identify the attacker will now be rewarded with assets worth $1.85 million.

That is a whopping $1.85 million just to identify. Obviously this not gonna be easy and will be riddle for many but those who were close to this case from beginning must have kept an eye on the initial hacker who supported the case. Now its all about the "back tracing" and also keeping keen eye on the movement of any funds during this transition from their wallets.
sr. member
Activity: 1610
Merit: 264
August 17, 2023, 10:10:22 AM
#38
I haven't followed this incident but there have been cases before that it happened too. Offered a bounty to the hacker but then, in a way that I don't know how the authorities managed to get probably a footprint or trace from the logs or whatsoever in technicality, the hacker got caught. It could possibly be an ego thing or whatnot but I agree that it's best to just take the offer and then let it call quits and that's it. No need to prove that he's the best and just stop fooling around with people's money.
There could have been possibly an internal investigation within the pools. Surely they had user of interest, but hey we'll never know who's who.
Yup, we'll never know if there's an internal attack or inside job regards to this hack. But they better be sure and do all investigations that they can and if they're suspecting one or a few of their people is part of it, they need to do in-depth investigations just to prove if the malice is wrong or right.
I doubt that everything would be brought to light anyway. I mean scams even outside crypto are so bad that there are authorities willing to be paid or bribed just to avoid getting exposed. It surely will kill the reputation of any company.

Crypto or not, people will find a way to remove traces or footprints in the best way they can do so.

I've been following some scambaiters for quite a while, so this kind of topic is a bit familiar to me.
hero member
Activity: 1106
Merit: 912
Not Your Keys, Not Your Bitcoin
August 17, 2023, 09:23:54 AM
#37
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said
Quote
He doesn't want to ruin the project.
and that's not the reason he's afraid of being identified.

Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Source: https://m.investing.com/news/cryptocurrency-news/curve-finance-opens-bounty-after-exploiters-return-deadline-expires-3146166

It still baffle me how decentralized exchanges and protocols are insecured and prone to hacking, even the centralized exchanges don't get this level of hack exposures like the way this protocol does and it beg the question whether they need to be fully audited for the safety of the public, special auditing by other firms that focus on decentralization, at least seeing them exposed to some hacked attempt of beta test before the public, if that will save the sanity of these public theft, I will love it.

It obvious that whoever that hacker is, must have some information within the group or perhaps it was a fully insider work and the person is playing mind games just to avoid tracing or who knows he is not that expert in hacking to cover his tracks, otherwise there are people that are very good in hacking and will get away with whatever they stole, the coins or tokens they stole could be trace but their identity will remain unknown forever; there are some BTC that have been stolen for ages, they are visible in some wallets but how they move those BTC are steal unknown.
hero member
Activity: 938
Merit: 605
Leading Crypto Sports Betting & Casino Platform
August 15, 2023, 01:40:52 AM
#36

What beautiful is there in life in having so much money but with no peace of mind and freedom of movement to spend it. Always on the look if you're being chased with every stranger in your path looking like a suspect.
Why not be contented with a 10% of that stolen amount that gives you a free life. And there's a probability that the company might wanna hire him to make use of his skills in their advantage (all things been equal).


You know, you're right about it dude. Just from the 10% that will be paid to him as bounty rewards that he got without any difficulty, he will be able to live luxuriously there in truth. Then he can even be given a good job because of his skills.

That's why the hacker was still greedy, he was still stubborn, as if he wasted the opportunity to correct the mistake he made, that's why he ignored the opportunity that he can't get back. I'm sure he'll regret it in the end and as you also said, there's no peace of mind either, 100% sure of that.
Hackers are difficult to understand, after all someone with the level of knowledge could have been easily hired by many top companies and could be making a lot of money legally without the risk of ever facing jail time.

And yet that is precisely the decision they took when they became hackers, so as illogically as it may seem to us the decision to not return the money despite the huge bug bounty offered is consistent with the decision to become a hacker to begin with.
I think this very hacker in question has sworn to do things always and only in the way in life, and there's nothing short of that. There are people in life that are excited doing things they could have done legally in an illegal way, and if an opportunity emerges for them to move over to the legal side of such thing they will deliberately resist just in the case with this very hacker. From all indication it's not that the 10% bounty offered to him is too small an amount but because he love what he's doing in the way he's doing it and wouldn't wanna stop in the easy way unless force is used on him.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
August 15, 2023, 12:16:14 AM
#35
As I learnt from a news article I read online, the hacker or hackers carted away with $62 million dollars, thats a lot of money to be honest, and i wonder what the hacker will be doing with all that money if he decides to keep it, and like we all have learnt that curve finance is offering to pay the hacker 10 percent of the money if he returns it, 10 percent of $62 million dollars is exactly $6.2 million dollars, now, thats another hefty sum of money to get for(is it right if i use the word..) free, if i am the hacker, i did take this offer and forget everything about hacking, $6.2 million dollars if rightly invested, the person and his generation will never know what is called poverty anymore, and the good part is that, you live your life free without having to watch your back to know when been chased by the authorities..

Anyways, every man to his own, lets see how this plays out in the end .
full member
Activity: 1540
Merit: 219
August 14, 2023, 11:38:10 PM
#34
The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.
Nah, the fact that they offered a bounty for the identity of the hacker means that the hacker still has the time advantage to cover his tracks which I am sure is what's going to happen, although not all hackers are created equal, this hacker probably doesn't know how to clean his online tracks which is a good thing for the investigators and online sleuths. Technically, if he was anonymous all throughout the hack and he has a way to transfer the stolen money without the people who he stole it from being able to track it, he won't be on the run forever.
hero member
Activity: 2814
Merit: 734
Bitcoin is GOD
August 14, 2023, 10:52:20 PM
#33

What beautiful is there in life in having so much money but with no peace of mind and freedom of movement to spend it. Always on the look if you're being chased with every stranger in your path looking like a suspect.
Why not be contented with a 10% of that stolen amount that gives you a free life. And there's a probability that the company might wanna hire him to make use of his skills in their advantage (all things been equal).


You know, you're right about it dude. Just from the 10% that will be paid to him as bounty rewards that he got without any difficulty, he will be able to live luxuriously there in truth. Then he can even be given a good job because of his skills.

That's why the hacker was still greedy, he was still stubborn, as if he wasted the opportunity to correct the mistake he made, that's why he ignored the opportunity that he can't get back. I'm sure he'll regret it in the end and as you also said, there's no peace of mind either, 100% sure of that.
Hackers are difficult to understand, after all someone with the level of knowledge could have been easily hired by many top companies and could be making a lot of money legally without the risk of ever facing jail time.

And yet that is precisely the decision they took when they became hackers, so as illogically as it may seem to us the decision to not return the money despite the huge bug bounty offered is consistent with the decision to become a hacker to begin with.
hero member
Activity: 2170
Merit: 530
August 13, 2023, 04:01:27 PM
#32
I haven't followed this incident but there have been cases before that it happened too. Offered a bounty to the hacker but then, in a way that I don't know how the authorities managed to get probably a footprint or trace from the logs or whatsoever in technicality, the hacker got caught. It could possibly be an ego thing or whatnot but I agree that it's best to just take the offer and then let it call quits and that's it. No need to prove that he's the best and just stop fooling around with people's money.
Yes, we can call it as  bug Bounty, it is good to have when you are working with your product. It can help anyone to see if the contract has vulnerable and loop holes. Bug Bounty is a quite good in rewards, but it will require some knowledge and coding skills to test and extract the contract. I am still learning solidity that's why I am not yet comfortable working as QA in any work.
legendary
Activity: 3052
Merit: 1188
August 11, 2023, 01:31:23 PM
#31
I recall months ago or two years ago, there is a hack and after that a hacker refunds to the project. People extrapolate that hack like an inorganic drama from that project team to create their pump and dump games.

I don't know what other people think about it but I see it is reasonable. Hacks a project, drains its treasury but then refunds it without any benefit but meanwhile and later can face with risk of reported by the victim project and arrested by police as well as in worst legal scenario, will be put in jails.

I will not play such dumb games like that if I am a hacker.

But if  I am an internal team member and want to set up an internal hack to dump tokens and days later refund hacked amount to bump tokens again, I will have many reasons to do such hack-and-refund.
I think its quite obvious that a hacker who tries to hack into anything would know that there will be some consequences. The first part of any hacking attempt would be to realize that you are going to be followed, and everyone will try to learn who you are, and every step you take will be watched with thousand eyes at least, so you need to make sure that nobody knows who you are.

If you can do that then you are going to end up with a good result, but if you are not careful about it then you are going to end up with a terrible result eventually. This is why you should be considering the fact that its not going to end up being that easy, and you should be careful about what's happening most of the time and get a better result.
hero member
Activity: 406
Merit: 443
August 11, 2023, 10:06:35 AM
#30
usually, they would take time to move the funds, like years in the making. they are very careful on how they transfer those stolen funds. should be meticulously done because one wrong move, they will be caught as the authorities are on the lookout for them. they can easily be uncovered with one wrong transaction made from that stolen funds. and if the amount is huge, expect there will be discreet investigations on the hot addresses involved.
And this is why mixers would really be the most common place on which these stolen or hacked funds would really be going into specially if the hacker would really be deciding on cashing out these money then for

Here you need to trust these mixers, but suppose you have mixed perfectly, how will you justify to the government that you suddenly became a millionaire, you need to sell these bitcoins for cash, and then it is almost impossible to succeed in proving the source of your money.

Money laundering is not easy, and at some point you will have to trust one of the parties, which may eventually lead to your exposure, and the arrest of Chipmixer admin is the best evidence of the ability of governments to track individuals.

So instead of all this headache, if hacker got a 10% deal, he wouldn't think of turning it down.
hero member
Activity: 896
Merit: 586
Leading Crypto Sports Betting & Casino Platform
August 11, 2023, 10:03:58 AM
#29
Maybe the hacker feels that he is a pro and wouldn't be traced but if he does his clean up well and leaves no trace,he might be safe from been caught but nobody knows what will happen tomorrow. So if I was the hacker no matter how good I am,I will accept the 10% and return back all the stolen funds to avoid going to jail and live a peaceful life.

The hacker is greedy and he will pay for his greed someday because he will get caught. It might take days,months or years to catch the hacker because locating him now has an offer that was suppose to be his. This means that maybe he only returned little part of the funds.
sr. member
Activity: 658
Merit: 441
August 11, 2023, 10:00:24 AM
#28
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol?
This is a dumb move, you have 10% given to you for your troubles, that's about  more than $6 million as a reward which is still a great deal of money. Why not take it and have peace of mind instead of running and be looking out on your shoulders all the days of your life? If you knew you weren't going to return the 90% of the stolen funds curve finance was asking for, why did you send part of it at the first place? Maybe he thinks if he's eventually caught his sentence would be lessen. This doesn't make sense at all, I strongly he's going to leave some kind of trail and will be caught some day.
hero member
Activity: 1666
Merit: 453
August 11, 2023, 05:58:13 AM
#27

What beautiful is there in life in having so much money but with no peace of mind and freedom of movement to spend it. Always on the look if you're being chased with every stranger in your path looking like a suspect.
Why not be contented with a 10% of that stolen amount that gives you a free life. And there's a probability that the company might wanna hire him to make use of his skills in their advantage (all things been equal).


You know, you're right about it dude. Just from the 10% that will be paid to him as bounty rewards that he got without any difficulty, he will be able to live luxuriously there in truth. Then he can even be given a good job because of his skills.

That's why the hacker was still greedy, he was still stubborn, as if he wasted the opportunity to correct the mistake he made, that's why he ignored the opportunity that he can't get back. I'm sure he'll regret it in the end and as you also said, there's no peace of mind either, 100% sure of that.
hero member
Activity: 938
Merit: 605
Leading Crypto Sports Betting & Casino Platform
August 11, 2023, 02:13:26 AM
#26
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said
Quote
He doesn't want to ruin the project.
and that's not the reason he's afraid of being identified
What beautiful is there in life in having so much money but with no peace of mind and freedom of movement to spend it. Always on the look if you're being chased with every stranger in your path looking like a suspect.
Why not be contented with a 10% of that stolen amount that gives you a free life. And there's a probability that the company might wanna hire him to make use of his skills in their advantage (all things been equal).

Quote
Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Source: https://m.investing.com/news/cryptocurrency-news/curve-finance-opens-bounty-after-exploiters-return-deadline-expires-3146166
My people use to say, "they use a better thief to catch a thief", he may try to hide his identity but for how long. He can't be the very best hacker in the world as there are a thousands of others like him who would spontaneously agree to take the 10%  and hunt him down at all cost and he eventually will be caught. And then what!
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
August 10, 2023, 06:32:25 PM
#25
If a hacker worries about legal problems from hacking and fund steal because these activities are illegal, the hacker will not do it. After hacking massive fund, then start to think about legal problems, it is not logic.

Not only legal problems, but suppose, for example, that you were able to hack a platform and collect $ 500 million, how will you be able to launder this money or transfer it to something legal without revealing your identity?


This is why I think it is going to be quite important that we are going to end up with no company accepting that and making sure that anyone who tries to hack into any company will end up getting the court chasing them and they will always be on the run trying to hide and never come out and that's why it is scary to hack into big companies.

Yes, but is it hard to hack these projects?

Sometimes the material value of the hack is not important.

A company may pay hackers to thwart a competing company like coinbase pay for some hackers to hack Binance hot wallet.
We can see it in DDOS attacks. If these massive attacks did not exist, no one would use Cloudflare, which some goverMments may use to obtain data.

usually, they would take time to move the funds, like years in the making. they are very careful on how they transfer those stolen funds. should be meticulously done because one wrong move, they will be caught as the authorities are on the lookout for them. they can easily be uncovered with one wrong transaction made from that stolen funds. and if the amount is huge, expect there will be discreet investigations on the hot addresses involved.
And this is why mixers would really be the most common place on which these stolen or hacked funds would really be going into specially if the hacker would really be deciding on cashing out these money then for

sure their primary option would be mixers and its true that once a wallet is really that been monitored then this hackers wont really be that a fool on giving out traces which would really be revealing out their identity on which it would really be that common that they would really be making use of the most efficient and most safest way on deleting or erasing their tracks on which this is via mixers.
It is really that unlikely that we are seeing that there are hackers which do give out those funds back into the team or project owners on which they might be having able to feel out some conscience or regret
on the time that they do stole up users or investors money?

Well, there still humanity into those hackers which they should really be grateful at least but instead they do make out some bounties for them to be caught out but well it is
really that a normal approach or reaction to be made though.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
August 10, 2023, 05:26:04 PM
#24
If a hacker worries about legal problems from hacking and fund steal because these activities are illegal, the hacker will not do it. After hacking massive fund, then start to think about legal problems, it is not logic.

Not only legal problems, but suppose, for example, that you were able to hack a platform and collect $ 500 million, how will you be able to launder this money or transfer it to something legal without revealing your identity?


This is why I think it is going to be quite important that we are going to end up with no company accepting that and making sure that anyone who tries to hack into any company will end up getting the court chasing them and they will always be on the run trying to hide and never come out and that's why it is scary to hack into big companies.

Yes, but is it hard to hack these projects?

Sometimes the material value of the hack is not important.

A company may pay hackers to thwart a competing company like coinbase pay for some hackers to hack Binance hot wallet.
We can see it in DDOS attacks. If these massive attacks did not exist, no one would use Cloudflare, which some goverMments may use to obtain data.

usually, they would take time to move the funds, like years in the making. they are very careful on how they transfer those stolen funds. should be meticulously done because one wrong move, they will be caught as the authorities are on the lookout for them. they can easily be uncovered with one wrong transaction made from that stolen funds. and if the amount is huge, expect there will be discreet investigations on the hot addresses involved.
full member
Activity: 952
Merit: 232
August 10, 2023, 05:09:51 PM
#23
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said
Quote
He doesn't want to ruin the project.
and that's not the reason he's afraid of being identified.

Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Source: https://m.investing.com/news/cryptocurrency-news/curve-finance-opens-bounty-after-exploiters-return-deadline-expires-3146166

It sounds like to me that the hacker realized that he made some sort of mistake and sooner or later he would be caught, therefore if he returned the money, perhaps the investigations against him would halt. I don't think that is how the law works. He is still going to be investigated. And as I said, there is no such thing as never getting caught. Sooner or later everyone slips up and makes mistakes that they cannot undo.

I do not buy his excuse of "not wanting to ruin the project". He knew exactly what he was doing and what damage it would have. There is no use in pretending to be a decent human being now.
Perhaps, the hacker doesn't want the transaction traced upon returning the stolen funds.
Its funny the hacker even took the 10% hook. Non-the-less, justice will find the hacker or members of the project, because I don't think it's only a one man idea to do such.

If there's one thing I also know about using falsification to amass wealth, it's that it would fail oneday. The hacker would have taken the 10% bounty offer wholeheartedly and moved onto some other project instead of arousing attention.
legendary
Activity: 2240
Merit: 1993
A Bitcoiner chooses. A slave obeys.
August 10, 2023, 11:01:04 AM
#22
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said
Quote
He doesn't want to ruin the project.
and that's not the reason he's afraid of being identified.

Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Source: https://m.investing.com/news/cryptocurrency-news/curve-finance-opens-bounty-after-exploiters-return-deadline-expires-3146166

It sounds like to me that the hacker realized that he made some sort of mistake and sooner or later he would be caught, therefore if he returned the money, perhaps the investigations against him would halt. I don't think that is how the law works. He is still going to be investigated. And as I said, there is no such thing as never getting caught. Sooner or later everyone slips up and makes mistakes that they cannot undo.

I do not buy his excuse of "not wanting to ruin the project". He knew exactly what he was doing and what damage it would have. There is no use in pretending to be a decent human being now.
hero member
Activity: 406
Merit: 443
August 10, 2023, 07:58:36 AM
#21
If a hacker worries about legal problems from hacking and fund steal because these activities are illegal, the hacker will not do it. After hacking massive fund, then start to think about legal problems, it is not logic.


Not only legal problems, but suppose, for example, that you were able to hack a platform and collect $ 500 million, how will you be able to launder this money or transfer it to something legal without revealing your identity?



This is why I think it is going to be quite important that we are going to end up with no company accepting that and making sure that anyone who tries to hack into any company will end up getting the court chasing them and they will always be on the run trying to hide and never come out and that's why it is scary to hack into big companies.

Yes, but is it hard to hack these projects?

Sometimes the material value of the hack is not important.

A company may pay hackers to thwart a competing company like coinbase pay for some hackers to hack Binance hot wallet.
We can see it in DDOS attacks. If these massive attacks did not exist, no one would use Cloudflare, which some goverMments may use to obtain data.
legendary
Activity: 2688
Merit: 3983
August 10, 2023, 07:00:24 AM
#20
It depends on the ingenuity of the technical and legal team. If you were able to track down and locate and name the hackers, and there was a clear indication in the system that this money belongs to the designated party, and that exploiting a loophole in the system means the legal issue, you may be able to present it to the court without paying anything.
The main difficulty lies in locating the hackers and the currencies, as sometimes even if you manage to locate the hackers, he may refuse to pay, and therefore he will be imprisoned, and you will lose your money.
Negotiations are always a compromise when there is no solution or it is not possible to know the location of scammer.
hero member
Activity: 3164
Merit: 675
www.Crypto.Games: Multiple coins, multiple games
August 10, 2023, 03:35:00 AM
#19
If there was a deal like returning 10% and closing the case, which hacker would want it? After all, laundering millions of dollars will not be easy, and you will always be afraid of being caught.
10% is a good amount and he may not have to pay taxes if he does not sell it, all he needs is to wait for several years and he will have an amount equal to approximately 30% to 50% of the stolen amount legally instead of getting 100% with the fear of being arrested.

most systems tend to give rewards for finding bugs instead of entering into negotiations with hackers that may lead to a loss of 10% of the hot wallet.
I think that should be possible, I mean if it was the case then you could legally hack any place you want and return 90% of it and then keep the 10% and still be rich. Think about hacking binance one day, even if you just get into their hot wallet that's still a lot of money, that's literally a huge big company sized thing, not just some shop or anything, I mean like literally IPO level of thing right there.

This is why I think it is going to be quite important that we are going to end up with no company accepting that and making sure that anyone who tries to hack into any company will end up getting the court chasing them and they will always be on the run trying to hide and never come out and that's why it is scary to hack into big companies.
full member
Activity: 2086
Merit: 193
August 10, 2023, 03:09:37 AM
#18
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.
What can we expect from those hackers, it's rare though that they accept the offer maybe the company knows the hackers and to avoid being compromised, that's why they accepted it. Well, hackers are always there I wonder if they still have the plan to hack the system again. Cheesy
Also confused about talking legality here where in the first place they are doing illegal things.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 10, 2023, 02:59:43 AM
#17
If there was a deal like returning 10% and closing the case, which hacker would want it? After all, laundering millions of dollars will not be easy, and you will always be afraid of being caught.
If a hacker worries about legal problems from hacking and fund steal because these activities are illegal, the hacker will not do it. After hacking massive fund, then start to think about legal problems, it is not logic.

Quote
10% is a good amount and he may not have to pay taxes if he does not sell it, all he needs is to wait for several years and he will have an amount equal to approximately 30% to 50% of the stolen amount legally instead of getting 100% with the fear of being arrested.
I don't think discussing about percent of total hacked amount as bounty for hacker is not worth to discuss. As it will raise a concern that hackers will try to do as biggest hacks as possible because what they earn legally after refund will be big no matter what percent of bounty paid by the project.

Like if you are hackers with $10M, don't refund to project and go to jail. In contrast, if you are hackers with $500M, refund to that project then get a bounty reward like $50M but because it is legally, as it not supposed to be, will be fine with government. It's not logic at all.

Quote
most systems tend to give rewards for finding bugs instead of entering into negotiations with hackers that may lead to a loss of 10% of the hot wallet.
It is bug bounty and serious projects have very generous bug bounty rewards for people who find and report serious bugs which can be harmful for their platforms if bad guys exploit it.
hero member
Activity: 406
Merit: 443
August 09, 2023, 08:02:44 AM
#16
If there was a deal like returning 10% and closing the case, which hacker would want it? After all, laundering millions of dollars will not be easy, and you will always be afraid of being caught.
10% is a good amount and he may not have to pay taxes if he does not sell it, all he needs is to wait for several years and he will have an amount equal to approximately 30% to 50% of the stolen amount legally instead of getting 100% with the fear of being arrested.

most systems tend to give rewards for finding bugs instead of entering into negotiations with hackers that may lead to a loss of 10% of the hot wallet.
hero member
Activity: 1288
Merit: 564
Bitcoin makes the world go 🔃
August 09, 2023, 07:02:48 AM
#15
They really should of offered these 10% bounty’s back in the MtGox and Bitfinex days. I am pretty sure most of the hackers would of just took it. I think most of the bitfinex funds were never moved and years later they got caught anyways. No idea if the mtgox funds were ever spent. I know that one is in a top5 BTC holder address and hasn’t moved.

Most of the transactions happened when MtGox hacked was P2P in able to convert Bitcointo fiat and there’s no or only few entities that specialize tracking for crimes since Bitcoin that time is not huge compared today. The money that being scammed that time is not that huge compared that even a simple DeFi dapps holds huge amount of money.

Hackers back then is very free to do whatever they want without a serious threat of being detected because there’s still not enough technology to track them compared to our current date which chainalysis is very common service.
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
August 09, 2023, 06:53:38 AM
#14
I haven't followed this incident but there have been cases before that it happened too. Offered a bounty to the hacker but then, in a way that I don't know how the authorities managed to get probably a footprint or trace from the logs or whatsoever in technicality, the hacker got caught. It could possibly be an ego thing or whatnot but I agree that it's best to just take the offer and then let it call quits and that's it. No need to prove that he's the best and just stop fooling around with people's money.
There could have been possibly an internal investigation within the pools. Surely they had user of interest, but hey we'll never know who's who.
Yup, we'll never know if there's an internal attack or inside job regards to this hack. But they better be sure and do all investigations that they can and if they're suspecting one or a few of their people is part of it, they need to do in-depth investigations just to prove if the malice is wrong or right.

So with these defi hacks, it’s better for them to just take the 10%. Rather than leave the funds on the wallet for a decade and then basically get caught anyways.
Agree, 100%. They can go away without any problem freely while receiving 10% of the money. Best resort for both sides.
legendary
Activity: 3808
Merit: 1723
August 08, 2023, 11:38:14 PM
#13
They really should of offered these 10% bounty’s back in the MtGox and Bitfinex days. I am pretty sure most of the hackers would of just took it. I think most of the bitfinex funds were never moved and years later they got caught anyways. No idea if the mtgox funds were ever spent. I know that one is in a top5 BTC holder address and hasn’t moved.

So with these defi hacks, it’s better for them to just take the 10%. Rather than leave the funds on the wallet for a decade and then basically get caught anyways.
hero member
Activity: 2814
Merit: 734
Bitcoin is GOD
August 08, 2023, 11:07:12 PM
#12
The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.

It's just that based on the source given by op, all the funds were not returned back to the protocol that is said, which means that the hacker is not worried about whatever the authority wants to do to him. But even if it's a wrong step or a decision, that hacker is really down to earth.
so if I were in the hacker's situation, I hope he would just fulfill the offer he was told because apart from not being charged, he would not be in jail or have bad records.
If they wanted to take that route then they would have taken it already, so I can only guess they want to keep playing this game of cat and mouse with Curve, and if anything this is the only explanation that I think it makes sense to explain what we are seeing.

If they were only motivated by the money then they would have never returned anything to Curve, if they realized the great offer they received then they would have returned everything and keep the 10% of the funds without the need to risk jail time, but instead they returned some of that money but kept the rest forcing a bounty over their heads, and the only way this makes sense to me is that they are enjoying this game they are playing with Curve and they do not want it to end.
sr. member
Activity: 1008
Merit: 262
Vave.com - Crypto Casino
August 08, 2023, 06:47:43 PM
#11
The are many ways scammers are developing to ways to make us  cry especially for those big cryptocurrency whales and big projects that lack the maximum security they need to stay in business. The same happens to Binance and the exchange quickly make I decision that make investors and traders to believe in it because they were able to replace customers money without any different. This was one of the reasons that made people trust Binance because of the precious decisions they made that was appealing. Although that decision was never easy that would have made Binance not be effect or be in existence by now.
sr. member
Activity: 2226
Merit: 347
August 08, 2023, 05:56:55 PM
#10
Also, what do you think is the reason and why did the hacker return the funds to another protocol?

There are possible few reasons among many which could convince the hacker on refunding the stolen funds, one is security, they are trying to play safe in the little way that they could, the funds which was stolen is not a small amount that could just be hidden under one wallet with being spent, even with lot of ways of mixing coins and removing trace from them, there are still possibilities of them leaving some trace, as the curve finance team will definitely be using every means possible to identify and trace them, it might not lead to any where, but their identity might not be hidden forever, so when a chance for them to keep some of the stolen asset present its self, they will happily grab it with open hands, there could also be some sort of disagreement between the hackers maybe that is the reason why all of the funds where not refunded yet.  
Just like others mentioned above that they wont really be a fool on giving out hints or traces on what their real identity is because we now that hacking is a punishable or illegal act which it would really be leading to be get
prisoned and this is something that they would really be avoiding. They wont really be that foolish enough on giving out their location and its true that not all of them would really be going for the money and its unlikely that a hacker would be saying that they dont want for the project to get ruined and this is why those funds had been given back? You could actually say that this hacker is good at least and there's no way on tracing it down no matter how big or generous the bounty is but as a project owner then better to be that grateful on what this hacker had done because if not then for sure it would really be giving out that huge impact into the project
since this is talking with huge funds. Expect that unexpected when it comes to hacking because they would really be making out those kind of exploits on the time that we do least expect.
hero member
Activity: 700
Merit: 673
August 08, 2023, 05:25:57 PM
#9
Also, what do you think is the reason and why did the hacker return the funds to another protocol?

There are possible few reasons among many which could convince the hacker on refunding the stolen funds, one is security, they are trying to play safe in the little way that they could, the funds which was stolen is not a small amount that could just be hidden under one wallet with being spent, even with lot of ways of mixing coins and removing trace from them, there are still possibilities of them leaving some trace, as the curve finance team will definitely be using every means possible to identify and trace them, it might not lead to any where, but their identity might not be hidden forever, so when a chance for them to keep some of the stolen asset present its self, they will happily grab it with open hands, there could also be some sort of disagreement between the hackers maybe that is the reason why all of the funds where not refunded yet.  
legendary
Activity: 966
Merit: 1042
#SWGT CERTIK Audited
August 08, 2023, 04:24:32 PM
#8
Hacking attacks in the DeFi space are very common as I know a few months back there was back-to-back, news for the funds hacking from the Decentralized wallets to the Liquidity platforms even on the borrowing and lending platforms. As Ronin wallet, Curve in recent, and the Uwerix on the most recent as it was on the date of 2nd August 3 days after the curve. Leetswap. Their valuation was low so they didn't grab attention in the market.

Overall the hack exploits in the Defi are not new and not much surprising the hackers use the technical backdoor vulnerabilities of the platform and steal money neatly.
hero member
Activity: 3010
Merit: 794
August 08, 2023, 04:16:54 PM
#7
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said
Quote
He doesn't want to ruin the project.
and that's not the reason he's afraid of being identified.

Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Not all hackers would really be seem to be an evil guy, good thing that funds been given although in other protocol on which it is really just that normal that  they would really be trying out to give back those funds or assets

without being traced which they wont really be that so dumb that they would really be giving out hints on who they are. They arent called hackers for nothing on which it would really be just that normal that they would be having that safety precautions or approach.It is really just that good that the hacker did return out those funds but wondering if why those bounty didnt given back?since its been said that those funds were given
back on which it is really just that right that they would really be following up on what they had said about the bounty.It turns out to be that so non ethical despite on having negotiations in between a hacker.

Hackers are lurking in the shadows and trying out to wait for the opportunity on exploiting out projects  which does have weak security and taking it as an advantage.This is why it cant really be removed out the possibilites
that hacking incidents would be stopped and we know that once there is a breach then confidence and trust of investors on a certain project would dwindled out because the main thing that would be having in mind is that
your money or investment isnt really safe on something or a project that have been breached out.
full member
Activity: 896
Merit: 117
PredX - AI-Powered Prediction Market
August 08, 2023, 09:23:42 AM
#6
The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.

It's just that based on the source given by op, all the funds were not returned back to the protocol that is said, which means that the hacker is not worried about whatever the authority wants to do to him. But even if it's a wrong step or a decision, that hacker is really down to earth.
so if I were in the hacker's situation, I hope he would just fulfill the offer he was told because apart from not being charged, he would not be in jail or have bad records.
sr. member
Activity: 1610
Merit: 264
August 08, 2023, 09:05:04 AM
#5
The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.
I would rather just live average than just get paranoid on even touching every single gadget I usually use daily. I can imagine the anxiety of having to do these kinds of stuff. Not sure how many software do hackers need just  to cover trace, and I am pretty sure that VPN just barely scratches the surface, but you're right that just a single mistake could lead you either being on-the-run or possibly get hunted down considering that we're talking about internet.

I haven't followed this incident but there have been cases before that it happened too. Offered a bounty to the hacker but then, in a way that I don't know how the authorities managed to get probably a footprint or trace from the logs or whatsoever in technicality, the hacker got caught. It could possibly be an ego thing or whatnot but I agree that it's best to just take the offer and then let it call quits and that's it. No need to prove that he's the best and just stop fooling around with people's money.
There could have been possibly an internal investigation within the pools. Surely they had user of interest, but hey we'll never know who's who.
hero member
Activity: 2366
Merit: 838
August 08, 2023, 08:37:49 AM
#4
I recall months ago or two years ago, there is a hack and after that a hacker refunds to the project. People extrapolate that hack like an inorganic drama from that project team to create their pump and dump games.

I don't know what other people think about it but I see it is reasonable. Hacks a project, drains its treasury but then refunds it without any benefit but meanwhile and later can face with risk of reported by the victim project and arrested by police as well as in worst legal scenario, will be put in jails.

I will not play such dumb games like that if I am a hacker.

But if  I am an internal team member and want to set up an internal hack to dump tokens and days later refund hacked amount to bump tokens again, I will have many reasons to do such hack-and-refund.
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
August 08, 2023, 07:10:29 AM
#3
I haven't followed this incident but there have been cases before that it happened too. Offered a bounty to the hacker but then, in a way that I don't know how the authorities managed to get probably a footprint or trace from the logs or whatsoever in technicality, the hacker got caught. It could possibly be an ego thing or whatnot but I agree that it's best to just take the offer and then let it call quits and that's it. No need to prove that he's the best and just stop fooling around with people's money.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 08, 2023, 03:47:28 AM
#2
The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.
hero member
Activity: 1666
Merit: 453
August 08, 2023, 12:48:06 AM
#1
Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said
Quote
He doesn't want to ruin the project.
and that's not the reason he's afraid of being identified.

Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Source: https://m.investing.com/news/cryptocurrency-news/curve-finance-opens-bounty-after-exploiters-return-deadline-expires-3146166
Jump to: