- EraLend’s team said the hacker could keep 10% of the stolen funds as a white hat bounty.
- The deal was valid if the hacker returned 90% of the assets to wallet address 0x9eEE479DCf6075a0cb905c27e8F952910c3bb69D before 2 PM UTC on July 27.
- Etherscan data showed that the address provided by EraLend sits almost empty, meaning that the exploiter did not take up the offer to return funds.
- The zkSync-based lending protocol lost $3.4 million this week due to a read-only reentrancy bug in its smart contract.
The hacker who stole $3.4 million from DeFi lending protocol EraLend snubbed a 2 PM deadline to return some of the stolen funds and keep a portion of the loot as a white hat bounty.
On July 26, the EraLend team proposed a deal with the unidentified hacker. The terms offered a white hat bounty worth 10% of the stolen funds if the hacker returned 90% of the assets to wallet address 0x9eEE479DCf6075a0cb905c27e8F952910c3bb69D.
Typically, white hat bounties are offered to hackers or sleuths who discover bugs in smart contract codes. This route is also taken by protocols seeking to recover their stolen assets peacefully.
The DeFi lender set a deadline of 2 PM UTC today though the deadline has now passed and the hacker did not return the funds as proposed. EraLend promised to tap the broader DeFi community, centralized exchanges (CEXs), and law enforcement should the hacker continue to hold user funds hostage.
Furthermore, the platform opened its 10% bounty to the public and implored anyone with information on the hacker’s identity to come forward.
The DeFi protocol which runs atop Ethereum L2 network zkSync updated users today on three developments. Firstly, the team identified a suspicious CEX account that may be involved in the hack.
Also, a formal request was sent to a VPN provider that the team believes was used by the attacker to hide their identity. The protocol is also working with security experts for an autopsy on the attack vectors deployed before and after the $3.4 million hack.
EraLend suffered a read-only reentrancy attack on July 25, allowing the hacker to drain millions in crypto from the platform. The exploiter then moved a chunk of the funds to addresses on Ethereum, Arbitrum, and Optimism per security shop Peckshield.
Tuesday’s hack was one of several attacks on DeFi protocol and crypto service providers in recent months.
Prior to the attack, the platform boasted $18.5 million in total value locked (TVL). This number nosedived to $3.2 million at press time, DefiLlama data showed.