Gamma Strategies, an Ethereum-based liquidity management protocol, has taken the unusual step of reaching out to the attacker who stole $3.4 million in digital assets, proposing a negotiation for a bounty in an attempt to recover the lost funds from the exploit.
The incident was initially flagged by blockchain security company PeckShield on January 4, uncovering a vulnerability within the Gamma vault. Initially estimated at about 211.9 Ethereum, valued at around $469,000, the losses were later confirmed to be $3.4 million. Additionally, approximately $2.2 million of the stolen funds had been moved to the cryptocurrency mixer Tornado Cash.
In response to the breach, Gamma promptly halted vault deposits, permitting only withdrawals. Furthermore, the protocol made a direct overture to the attacker's wallet address, seeking to initiate discussions for the potential return of the pilfered crypto assets.
Gamma Strategies also disclosed that it had identified the root cause behind the attack. It assured the community that by shutting down deposits to their public-facing vaults, they have effectively minimized further potential attacks, given that the attack vector hinges on deposits. The protocol outlined forthcoming measures, including undergoing a third-party code review before reopening deposits, aimed at fortifying defenses against future attacks. The company emphasized its commitment to restoring affected users to the fullest extent feasible.
Expressing regret for the impact on affected individuals, Gamma pledged to release a more comprehensive post-mortem analysis and propose a plan for remedial actions in the upcoming days.
