CybserSecurity News

Tag: Bounty

  • Solana’s Texture Project Recovers $2.2M Crypto After Hacker Accepts “Gray Bounty” Deal

    A high-profile incident has recently concluded within the Solana ecosystem, involving the unauthorized extraction of cryptocurrency assets from the Texture project. Several days ago, an unidentified hacker exploited a vulnerability in one of the Texture Vaults’ smart contracts, siphoning approximately $2.2 million in USDC stablecoins. The attack was confined solely to the USDC vault; all other assets remained untouched.

    Immediately upon detecting the breach, the Texture team suspended all fund withdrawals to contain the situation and prevent any further exploitation. Simultaneously, they activated an internal “war room” to coordinate a rapid response. The developers swiftly identified and isolated the vulnerability and began working on a patch for the affected contract.

    Acknowledging that the attacker still retained control over the stolen funds, the team made an unorthodox decision—they offered the hacker a “gray bounty” amounting to 10% of the stolen assets, on the condition that the remaining 90% be returned without repercussions. This proposition was part of a broader strategy aimed at peaceful resolution, hoping to minimize losses and avoid protracted legal or technical conflict.

    Two hours after the final appeal, the attacker accepted the terms and transferred 90% of the funds back to Texture’s wallet on the Solana network. The team confirmed receipt of the assets and declared that, in light of the agreement being honored, no further action would be pursued against the perpetrator. This resolution sparked widespread discussion within the community. The team extended its gratitude to those who offered support and assisted in the negotiations.

    The developers are now finalizing a comprehensive review of the revised smart contract in collaboration with an external auditor. The updated contract will be redeployed shortly. A detailed technical report is also being prepared, which will elucidate the mechanics of the exploit, outline the vulnerability, and detail the measures implemented to bolster the system’s resilience.

  • $40 Million Crypto Heist: GMX Hacker Returns Funds for $5M Bounty, Dodges Legal Battle

    A hacker who siphoned $40 million in cryptocurrency from the decentralized exchange GMX has returned nearly the entire haul in exchange for a $5 million payout. The breach ranked among the largest in DeFi history, yet events took an unexpected turn when the GMX team proposed a settlement to avert protracted legal entanglements.

    Once the attack was detected, GMX reached out to the perpetrator with a straightforward proposition: surrender the stolen assets and receive a legitimate reward. Acknowledging the attacker’s technical prowess, GMX stressed that the choice between a lawful bounty and retaining illicit gains under threat of prosecution should be self-evident. The exchange also assured users that any losses would be covered from internal contingency funds.

    Three days after the hack, the swap was complete. The attacker signaled compliance on-chain—“ok, funds will be returned later”—and began remitting the money in tranches of roughly $5 million. In total, about $40.5 million was restored: 10,000 ETH worth $30 million and an additional $10.5 million in FRAX tokens. GMX confirmed receipt.

    The team later published a technical post-mortem outlining the vulnerability, which has now been patched. Founded in 2021, GMX claims more than 714,000 users and a cumulative trading volume of $305 billion.

    Legal jeopardy for the hacker, however, is not entirely off the table. A precedent looms from 2022, when Avraham Eisenberg drained $110 million from Mango Markets. Despite returning $67 million under a private agreement, he was later prosecuted and, in 2024, convicted on multiple counts—including commodities fraud and market manipulation—and sentenced to four years and four months in prison.