Cryptocurrency Company Offers Attacker $200,000 Bug Bounty for Stolen Funds
A cryptography borrowing and savings company, Akropolis, has found itself targeted in a recent attack where an attacker managed to steal $2 million in DAI virtual currency. The Gibraltar-based firm was quick to respond by offering the attacker a $200,000 bug bounty in exchange for the return of the stolen funds.
Attacker Exploits Bug in SavingsModule Smart Contract
The attack on Akropolis occurred last Thursday when the attacker exploited a bug in the deposit logic of the SavingsModule smart contract. This loophole allowed them to make off with over two million in DAI. However, the security company PeckShield was able to trace the stolen funds to the attacker’s Ethereum account, providing hope for recovery.
Open Letter to the Attacker
In an attempt to reach a resolution without involving law enforcement, Akropolis published an open letter to the attacker over the weekend. The company proposed that the stolen funds be returned within 48 hours in exchange for the bug bounty. They also assured the attacker of protecting their identity if they choose to cooperate.
If the attacker refuses to return the funds, Akropolis stated that they would pursue criminal action and involve law enforcement. The company remains hopeful for a collaborative solution with the attacker.
Security Measures and Investigations
Following the attack, Akropolis took immediate action by fixing the issue at a contract level. The company also conducted internal investigations with auditors and external reviews with investors and exchange partners to prevent future breaches.
This incident comes shortly after the theft of $24 million from Harvest Finance, another decentralized finance (DeFi) protocol firm. In a similar approach, Harvest Finance offered a $100,000 reward for assistance in returning the stolen funds.
As the cryptocurrency industry continues to face security threats, bug bounties and collaborative efforts between companies and attackers may pave the way for mitigating risks and ensuring the safety of digital assets.