Texture Finance hacker refunds 90% of loot after $2.2M exploit
In a rare win for diplomacy in the world of decentralized finance (DeFi), Texture Finance has recovered the majority of funds lost in a recent exploit after reaching an agreement with the hacker.
The attacker returned 90% of the $2.2 million in stolen USDC following a public bounty offer from the Solana-based protocol, averting further escalation and criminal pursuit.
The exploit, disclosed by Texture Finance on July 9, stemmed from a vulnerability in one of its vault smart contracts, which the protocol said affected only its USDC vault.
“We have discovered a security breach of the Texture Vaults contract, user funds in the amount of USDC 2.2M have been compromised,” the team wrote in a public post on X.
Withdrawals were immediately disabled, and Texture launched a “war room” response with auditors on deck and code patches underway.
In a follow-up message, the team issued an open call to the hacker: “We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%… You made an opsec mistake, but it’s not too late to avoid escalating the situation.”
They added that if the attacker failed to respond by July 11 at 18:00 UTC, or attempted to move the funds, they would be considered a blackhat and referred to law enforcement.
It appears the hacker listened.
Texture Finance reached a rare greyhat resolution
Less than a day before the deadline, the attacker reportedly returned 90% of the stolen funds to the designated Texture SOL address, effectively claiming the 10% bounty.
About two hours ago, the hacker returned 90% of the stolen funds to the Texture SOL address, taking the 10% greyhat bounty proposed earlier by the Texture team.
As the hacker has fulfilled their side of the agreement, we will not pursue the matter further.
We want to thank…
— Texture (@texture_fi) July 10, 2025
“As the hacker has fulfilled their side of the agreement, we will not pursue the matter further,” Texture announced in a new post on July 10. “We truly appreciate your patience and understanding — and are grateful for the incredible spirit of camaraderie in the Solana ecosystem.”
The return of funds places this incident in a growing category of so-called “greyhat” exploits, where attackers breach vulnerable protocols but ultimately opt to return most or all of the funds in exchange for immunity or a bounty.
In April, for example, an attacker who exploited ZKSync returned $5.4 million after accepting a similar 10% deal following community pressure and public negotiation.
This approach has become more common in the DeFi world, where on-chain activity is transparent, and attribution, though not always immediate, can expose hackers to real-world consequences.
Still, many remain critical of the tactic, arguing it blurs the line between ethical hacking and extortion.
More turbulence in DeFi
According to Texture Finance, a full fix has already been developed and is currently undergoing audit. “We’re finalizing the code fix and completing a thorough review with our auditor. The updated contract will be redeployed shortly,” the team said in its July 10 post.
A post-mortem analysis is expected soon.
In the meantime, Texture has left user withdrawals disabled and advised users that repayments remain functional “in standard mode,” though no specific timeline was provided for resuming normal operations.
The incident adds to what has been a turbulent week in DeFi security. The same day Texture’s breach happened, perpetuals protocol GMX suffered a separate exploit on Arbitrum that resulted in $42 million in losses, with the protocol offering the hacker a 10% white-hat bounty.
These incidents underscore the persistent security challenges facing DeFi protocols, particularly as composability increases and smart contracts grow more complex. Even well-vetted platforms can become targets if vulnerabilities go unnoticed.
Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More
Recommended Articles
