Decentralized finance (DeFi) platform Jimbos Protocol has offered 10% of the exploited funds to the general public after giving the hacker several days to respond to the deal.
On May 28, the Arbitrum-based DeFi app was exploited, resulting in a loss of 4,000 Ether (ETH). After taking advantage of the lack of slippage control on liquidity conversions, the exploiter was able to swipe assets worth around $7.5 million at the time.
Following the hack, the team behind the exploited protocol attempted to negotiate with the hacker. The DeFi protocol offered 10% of the exploited funds as a bounty and threatened the hacker with prosecution. The team offered what they described as a “fast $800k payday” but said that if 90% of the funds are not returned, they won’t stop until the hacker is behind bars.
After giving the hacker some time to respond, the protocol recently announced that it would extend the bounty offer to the general public. In a Twitter thread, the DeFi protocol announced that anyone who could provide information that leads to either catching the exploiter or recovering the funds would be eligible for the reward.
It’s been a quiet couple of days. Let's catch up.— Jimbos Protocol (v2, soon) (@jimbosprotocol) May 31, 2023
We've spoken about our bounty before, 10% of stolen funds (~$800k USD). We've given the hacker time to comply for the bounty but evidently, they're not interested, so we're committed to doing what we said we were going to do.
In addition, the team also mentioned that they are already working with a law enforcement agency that focuses on blockchain cybercrime investigations. Furthermore, the team said they would share future plans for the protocol and a recovery plan for the exploit victims.
While the recent hack shows that some hackers may not be willing to negotiate, other bounty negotiations have been successful. On April 4, the Euler Finance team recovered 90% of hacked funds after offering the exploiter a bounty of $19.6 million. Similarly, lending protocol Sentiment also managed to recover 90% of its funds from a hacker after offering a 10% bounty to the exploiter.