Coinbase Withholds $1 Million Gained During Hack, Fails to Reimburse Victims
In July, Curve Finance fell victim to an attack that shook the DeFi market. Coinbase, the leading U.S. exchange, inadvertently made around $1 million from this incident, which they have not returned to the victims
Because Bitcoin
September 15, 2023
In July, Curve Finance fell victim to an attack that shook the DeFi market. Coinbase, the leading U.S. exchange, inadvertently made around $1 million from this incident, which they have not returned to the victims, as per a recent CoinDesk report.
The situation arose due to a unique DeFi glitch, with Coinbase benefiting as an Ethereum validator. While most of the stolen assets have been recovered, Alchemix, one of the victims, claims that Coinbase refuses to return their earnings, arguing they are not legally obligated to do so. This situation highlights the tension between the blockchain's "code is law" principle and the lack of recourse for crypto theft victims. In 2023, approximately $735 million in digital assets has been stolen, discouraging potential users from entering the crypto space.
The Coinbase-Curve case illustrates the complex process of asset recovery following crypto hacks. The intricate world of crypto trading algorithms and arbitrage opportunities can make it challenging to trace stolen funds. Frequently, accidental beneficiaries profit from crypto heists by earning unexpected fees for running specific blockchain infrastructure. This is the scenario Coinbase finds itself in. The question of whether Coinbase should reimburse the victims or if these funds are tainted is a matter of interpretation. To comprehend how Coinbase benefited, we must delve into the attack details.
On July 30, an attacker exploited a code bug in Curve, causing a $73 million asset loss. The attacker targeted a pool containing ether (ETH) and alETH, an ether derivative. This created an arbitrage opportunity, allowing traders to buy alETH at a discount. A trading bot seized this chance, buying alETH and exchanging it for ETH. However, most profits went to the validator, in this case, Coinbase, which prioritized the bot's transaction due to a substantial fee. This practice is known as Maximal Extractable Value (MEV).
While most stolen assets were returned, Coinbase has not followed suit, citing neutrality and decentralization. This case raises ethical questions about whether Coinbase should return the funds and how such issues should be resolved within the blockchain community.
Resources: