What Happened?

On June 12, Sturdy Finance, a decentralized finance (DeFi) lending platform, faced a pesky little problem: a hacker who decided to exploit the platform’s vulnerabilities to the tune of nearly $800,000. The culprit took advantage of a faulty price oracle and executed a classic reentrancy attack – the kind of thing that keeps cybersecurity folks up at night.

The Bounty Offer

In a bold move, co-founder Sam Forman took to Twitter, announcing the company’s offer of a $100,000 bounty to the hacker. The goal? To persuade the perpetrator to return the remaining funds and walk away peacefully. It’s like a modern-day Wild West standoff, but with fewer six-shooters and more smart contracts.

Why Bounties? The Logic Behind It

Utilizing bounties to recover stolen funds isn’t new; it’s a tactic being used more frequently in the DeFi space. Recent history suggests that if you can woo the hacker back to the light with a cash incentive, you might just get a good chunk of your assets back. For instance, Euler Finance successfully negotiated and managed to retrieve 90% of their stolen funds earlier this year.

Lessons Learned from Past Exploits

• Engagement Works: Platforms are finding that reaching out can lead to recoveries.
• Escaping Isn’t Easy: The age of anonymous hackers is shifting; with agencies tightening their nets, the stakes are getting higher.
• Each Case is Unique: Offering bounties may work in some cases but not in others, as seen with the Jimbos Protocol’s massive public bounty that resulted in radio silence from the hacker.

Should Platforms Negotiate with Hackers?

As the digital landscape evolves, the debate on whether crypto projects should negotiate with hackers continues. Some argue that cooperating opens the door to more attacks, while others insist it’s a practical approach to mitigate losses. With the stakes so high, do we have a choice? In the end, let’s call it what it is: a calculated gamble in a high-stakes game where everyone is a player.