Curve Finance 奖励发现关键漏洞的网络安全研究人员 25 万美元

网络安全研究员 Marco Croc 因发现 Curve Finance 中的一个严重漏洞而获得 25 万美元奖励，该漏洞使黑客窃取了数百万美元。尽管将威胁归类为“不那么危险”，但 Curve Finance 认识到潜在的风险及其可能对用户产生的影响。此次事件是在 7 月份发生的一次黑客攻击事件中造成 6,200 万美元损失，导致 Curve Finance 向流动性提供商赔偿 4,920 万美元。

Curve Finance Rewards Cybersecurity Researcher with $250,000 for Uncovering Critical Vulnerability

Curve Finance 奖励发现关键漏洞的网络安全研究人员 25 万美元

In a significant development within the decentralized finance (DeFi) industry, Curve Finance has awarded a substantial $250,000 bounty to cybersecurity researcher Marco Croc, affiliated with Kupia Security, for identifying a critical vulnerability within the protocol.

作为去中心化金融 (DeFi) 行业的一项重大发展，Curve Finance 向 Kupia Security 下属的网络安全研究员 Marco Croc 提供了 25 万美元的巨额奖金，以表彰其识别协议中的关键漏洞。

The vulnerability, which could have potentially allowed attackers to exploit balances and withdraw funds from liquidity pools, was detected by Croc and promptly reported to Curve Finance. Recognizing the severity of the issue, Curve Finance conducted a thorough investigation and acknowledged the potential security risks associated with the vulnerability.

Croc 发现了该漏洞，该漏洞可能允许攻击者利用余额并从流动性池中提取资金，并立即向 Curve Finance 报告。 Curve Finance 认识到问题的严重性，进行了彻底调查，并承认与该漏洞相关的潜在安全风险。

As a testament to the significance of Croc's contribution, Curve Finance awarded him the maximum bug bounty of $250,000. The protocol expressed its deep appreciation for Croc's vigilance and underscored the importance of collaborative efforts in safeguarding the DeFi ecosystem.

为了证明 Croc 贡献的重要性，Curve Finance 授予他最高 250,000 美元的漏洞赏金。该协议对 Croc 的警惕表示深切赞赏，并强调了合作努力保护 DeFi 生态系统的重要性。

While Curve Finance classified the threat as "not as dangerous," the protocol emphasized that even minor security incidents could trigger significant panic among users. It also reaffirmed its belief that stolen funds could be recovered in such scenarios.

虽然 Curve Finance 将这一威胁归类为“不那么危险”，但该协议强调，即使是轻微的安全事件也可能引发用户的严重恐慌。它还重申了其信念，在这种情况下可以追回被盗资金。

This incident follows Curve Finance's recent recovery from a hack in July, which resulted in a loss of approximately $62 million. To address this setback and restore confidence, the DeFi protocol conducted a vote to reimburse $49.2 million worth of assets to liquidity providers (LPs) affected by the breach.

此次事件发生之前，Curve Finance 最近从 7 月份的一次黑客攻击中恢复过来，这次黑客攻击造成了约 6200 万美元的损失。为了解决这一问题并恢复信心，DeFi 协议进行了投票，向受违规影响的流动性提供者 (LP) 赔偿价值 4920 万美元的资产。

On-chain data reveals that 94% of tokenholders approved the disbursement of tokens worth over $49.2 million to cover losses incurred in the Curve, JPEG'd, Alchemix, and Metronome pools. The successful reinstatement of funds serves as a testament to Curve Finance's commitment to security and its enduring support for its users.

链上数据显示，94% 的代币持有者批准支付价值超过 4920 万美元的代币，以弥补 Curve、JPEG'd、Alchemix 和 Metronome 矿池造成的损失。资金的成功恢复证明了 Curve Finance 对安全的承诺及其对用户的持久支持。

The identification and resolution of this critical vulnerability underscore the paramount importance of robust cybersecurity measures in the DeFi landscape. The industry remains vulnerable to sophisticated attacks, emphasizing the need for continuous vigilance, collaboration, and unwavering efforts to mitigate potential threats.

这一严重漏洞的识别和解决凸显了 DeFi 领域强有力的网络安全措施的重要性。该行业仍然容易受到复杂攻击的影响，强调需要持续保持警惕、协作并坚定不移地努力减轻潜在威胁。