Coinbase Receives $1 Million Amid Crypto Hack, Yet Victims Await Compensation – What's Going On?
Coinbase, the largest US cryptocurrency exchange, has raked in $1 million in profit from the recent hack of DeFi platform Curve Finance.
The exchange has not yet returned the funds, which some argue belong to the victims of the hack, claiming that it is not obligated to do so.
The incident in question occurred in July when a hacker targeted Curve Finance, a major player in the DeFi market, resulting in the theft of $73 million worth of assets.
During the attack, the pricing system of Curve was disrupted, creating a unique arbitrage opportunity.
A trading bot recognized this opportunity and paid 570 ETH (equivalent to $1.06 million at the time) to ensure that its trade was processed quickly by an Ethereum blockchain validator.
This payment marked the second-largest ever made in what is known as "maximal extractable value" (MEV).
Coinbase happened to be the validator that received the payment, according to Alchemix, a platform that suffered losses during the Curve exploit, as well as data from Nansen, which confirmed the exchange as the recipient.
Although most of the $73 million stolen from Curve has been recovered, Alchemix, which lost $22 million in the hack, claims that Coinbase has refused requests to return the funds it obtained as a result of the incident.
Alchemix believes that Coinbase is effectively holding stolen money and has criticized the exchange for not showing any willingness to return the funds, despite directly benefiting from the exploit.
Coinbase, on the other hand, maintains that it is not legally obligated to reimburse anyone, as representatives of the exchange have reportedly informed Alchemix.
This situation underscores the dilemma between the principles of blockchain-based finance, which often rely on the concept of "code is law," and the lack of recourse available to victims of crypto theft.
How Coinbase Earned $1 Million
In the initial attack on Curve, a bug in the code of certain liquidity pools was exploited, resulting in the loss of $73 million in assets.
One of the pools affected contained Ethereum (ETH) and alETH, a derivative of ether issued by Alchemix.
Following the hack, the pool experienced a significant imbalance between the two tokens, creating an opportunity for traders to purchase alETH at a steep discount.
A trading robot identified this opportunity and bought the remaining alETH in the pool, quickly selling them for another derivative called frxETH, which was then exchanged for ETH.
While the trading bot only made a profit of 43 ETH from these transactions, the majority of the profits went to Coinbase, the validator responsible for including the transaction in the Ethereum ledger.
The unusually high fee of 570 ETH served as an incentive for the validator to prioritize the bot's transaction over others attempting to make the same trade.
As reported, following public pressure and an ultimatum, the Curve exploiter returned all $22 million worth of stolen ETH and alETH to Alchemix.
Additionally, white-hat actors, acting in good faith, returned $13 million worth of assets before they could be stolen.
Furthermore, the trading bot operator responsible for profiting from the alETH imbalance returned its 43 ETH profit after a request from the Alchemix team.