DeFi

Indexed Finance turns to authorities as attacker refuses to return stolen $16 million

  • DeFi application Indexed Finance has released an update on last week's hack in which the attacker stole $16 million
  • The attacker is refusing to return the funds, forcing the team to call law enforcement
  • As DeFi exploits become more common, teams are now putting a lot of their attention to securing their protocols before release

Indexed Finance, which was the victim of an exploit, was able to identify the attacker and will now turn to law enforcement as the hacker refuses to return the $16 million.

The attacker wants to settle the matter through legal channels

DeFi application Indexed Finance has released an update on last week’s hack in which the attacker stole $16 million. Dillon Kellar one of the lead developers at Indexed Finance, tweeted that the attacker is refusing to return the funds, forcing the team to call law enforcement. Kellar said that “despite white supremacy and anti-Semitism,” and because he offered the attacker “an easy way out of ruining his life,” the attacker decided to keep the stolen funds. Indexed Finance identified the attacker and gave him several opportunities to return the funds, offering a 10% bounty.

Indexed Finance has provided a detailed analysis proving the attacker’s identity. He had contacted the team a few weeks ago about developing an arbitrage bot. The attacker is a master’s student with knowledge of mathematics. But the attacker wants to settle the matter through legal channels if necessary, citing “code is law”. Deleted chat logs show that Indexed Finance was correct in its identification.

DeFi exploits become more common

Last week, the hacker exploited two index pools on the protocol, taking advantage of the rebalancing mechanism. This allowed him to mint additional DEFI5 at an inflated valuation. The result was that the hacker stole several assets. Indexed Finance is working on the way to compensate users while the vulnerability is fixed.

As DeFi exploits become more common, teams are now putting a lot of their attention into securing their protocols before release. Flash loans continue to be a significant concern, with protocols such as Cream Finance, xToken, and Popsicle Finance affected by a flash loan attack this year. Another suggested solution is insurance protocols that cover damages that may occur during such attacks.

Sign up for our FREE mailing list

Join 12,590 others now and get actionable research and analysis sent directly to your inbox.

Post a Comment

GET YOUR CRYPTO DAILY BRIEF

Delivered daily, straight to your inbox.