Solana’s Texture Project Recovers $2.2M Crypto After Hacker Accepts “Gray Bounty” Deal
A high-profile incident has recently concluded within the Solana ecosystem, involving the unauthorized extraction of cryptocurrency assets from the Texture project. Several days ago, an unidentified hacker exploited a vulnerability in one of the Texture Vaults’ smart contracts, siphoning approximately $2.2 million in USDC stablecoins. The attack was confined solely to the USDC vault; all other assets remained untouched.
Immediately upon detecting the breach, the Texture team suspended all fund withdrawals to contain the situation and prevent any further exploitation. Simultaneously, they activated an internal “war room” to coordinate a rapid response. The developers swiftly identified and isolated the vulnerability and began working on a patch for the affected contract.
Acknowledging that the attacker still retained control over the stolen funds, the team made an unorthodox decision—they offered the hacker a “gray bounty” amounting to 10% of the stolen assets, on the condition that the remaining 90% be returned without repercussions. This proposition was part of a broader strategy aimed at peaceful resolution, hoping to minimize losses and avoid protracted legal or technical conflict.
Two hours after the final appeal, the attacker accepted the terms and transferred 90% of the funds back to Texture’s wallet on the Solana network. The team confirmed receipt of the assets and declared that, in light of the agreement being honored, no further action would be pursued against the perpetrator. This resolution sparked widespread discussion within the community. The team extended its gratitude to those who offered support and assisted in the negotiations.
The developers are now finalizing a comprehensive review of the revised smart contract in collaboration with an external auditor. The updated contract will be redeployed shortly. A detailed technical report is also being prepared, which will elucidate the mechanics of the exploit, outline the vulnerability, and detail the measures implemented to bolster the system’s resilience.
