Sturdy Finance team had sent a message to the attacker’s address
Sturdy Finance took decisive action in response to a security incident involving an unknown attacker.
Sam Forman, the project’s founder, confirmed through a recent tweet that his team had sent an on-chain message directly to the attacker’s address. The message presented an intriguing offer to the perpetrator: a $100,000 bounty would be granted if they returned the stolen funds to a specific address owned by Sturdy.
Furthermore, Forman made it clear that the team would refrain from pursuing criminal charges if the funds were promptly returned.
Forman’s tweet explicitly stated, “We are willing to offer you $100k as a bounty, and will not pursue you further if you send the remaining funds to 0x4e...89F5.” This compassionate gesture suggests the possibility of leniency for the attacker should they choose to comply with the terms.
The incident stemmed from a reentrancy vulnerability in one of Sturdy Finance’s liquidity pools. Exploiting it allowed the attacker to manipulate a price oracle and siphon off funds.