Indexed Finance Attacker Refuses to Return Stolen $16M, Team Approaching Authorities

2 mins
20 October 2021, 06:48 GMT+0000
Updated by Kyle Baird
20 October 2021, 06:48 GMT+0000
In Brief
  • The Indexed Finance team identified the attacker and gave him multiple chances to return the funds.
  • The attacker has refused, forcing the team to take the matter to law enforcement.
  • Indexed Finance is working on a compensation plan to reimburse victims.
  • promo

The hacker who stole $16 million from Indexed Finance DeFi pools last week is refusing to return the funds. The team, which has identified the attacker, will now contact law enforcement.

DeFi protocol Indexed Finance has released an update on the hack that it experienced last week, which saw the attacker steal $16 million in the form of various tokens. Dillon Kellar, the lead developer at Indexed Finance, tweeted that the attacker has refused to return the funds, forcing the team to escalate the situation to law enforcement.

Kellar said that “despite the white supremacy and antisemitism” and giving the attacker “an easy way out of ruining his life,” the attacker has chosen to keep the stolen funds. Indexed Finance has seemingly identified the attacker and had given him multiple opportunities to return the funds, with a 10% bounty as an offering.

But the attacker wants to take the matter to the legal system if necessary, going by the defense of “code is law.” Indexed Finance provided a detailed analysis proving the identity of the attacker, who had contacted the team a few weeks ago about the development of an arbitrage bot. The attacker is a master’s student with knowledge of mathematics, and deleted chat logs indicate that Indexed Finance was correct in its identification.

The attacker exploited two index pools on the protocol, taking advantage of the rebalancing mechanism, allowing him to mint additional DEFI5 at an inflated valuation. The end result was that several different assets were stolen. Indexed Finance is working on a way to reimburse users as it simultaneously addresses the vulnerability.

DeFi protocols continue as target for attackers

Decentralized finance (DeFi) protocols have proven to be a bit of a double-edged sword in the market. While they are at the cutting edge of blockchain technology, their novelty and attractiveness have made them the target of sophisticated attacks. These protocols tend to pull in many new investors who are seeking the next Aave or Yearn.Finance, and the end result is a prime target for hackers.

Consequently, teams are now putting a large part of their focus on securing their protocols before release and still emphasizing that protocols could be subject to attacks. Flash loans remain a big concern — major lending platform Cream Finance lost $25 million in August 2021. Such incidents happen frequently and are thorns in the DeFi market’s side.

Another proposed solution is insurance protocols, which cover damages that may occur during these attacks. DeFi is now seen as the new wild west in crypto, and crypto insurance projects are hoping that it can bring some law and order to the space.


BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.