Texture Finance hacker refunds 90% of loot after $2.2M exploit

Source Cryptopolitan

In a rare win for diplomacy in the world of decentralized finance (DeFi), Texture Finance has recovered the majority of funds lost in a recent exploit after reaching an agreement with the hacker. 

The attacker returned 90% of the $2.2 million in stolen USDC following a public bounty offer from the Solana-based protocol, averting further escalation and criminal pursuit.

The exploit, disclosed by Texture Finance on July 9, stemmed from a vulnerability in one of its vault smart contracts, which the protocol said affected only its USDC vault.

“We have discovered a security breach of the Texture Vaults contract, user funds in the amount of USDC 2.2M have been compromised,” the team wrote in a public post on X.

Withdrawals were immediately disabled, and Texture launched a “war room” response with auditors on deck and code patches underway.

In a follow-up message, the team issued an open call to the hacker: “We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%… You made an opsec mistake, but it’s not too late to avoid escalating the situation.”

They added that if the attacker failed to respond by July 11 at 18:00 UTC, or attempted to move the funds, they would be considered a blackhat and referred to law enforcement.

It appears the hacker listened.

Texture Finance reached a rare greyhat resolution

Less than a day before the deadline, the attacker reportedly returned 90% of the stolen funds to the designated Texture SOL address, effectively claiming the 10% bounty.

“As the hacker has fulfilled their side of the agreement, we will not pursue the matter further,” Texture announced in a new post on July 10. “We truly appreciate your patience and understanding — and are grateful for the incredible spirit of camaraderie in the Solana ecosystem.”

The return of funds places this incident in a growing category of so-called “greyhat” exploits, where attackers breach vulnerable protocols but ultimately opt to return most or all of the funds in exchange for immunity or a bounty.

In April, for example, an attacker who exploited ZKSync returned $5.4 million after accepting a similar 10% deal following community pressure and public negotiation.

This approach has become more common in the DeFi world, where on-chain activity is transparent, and attribution, though not always immediate, can expose hackers to real-world consequences.

Still, many remain critical of the tactic, arguing it blurs the line between ethical hacking and extortion.

More turbulence in DeFi

According to Texture Finance, a full fix has already been developed and is currently undergoing audit. “We’re finalizing the code fix and completing a thorough review with our auditor. The updated contract will be redeployed shortly,” the team said in its July 10 post.

A post-mortem analysis is expected soon.

In the meantime, Texture has left user withdrawals disabled and advised users that repayments remain functional “in standard mode,” though no specific timeline was provided for resuming normal operations.

The incident adds to what has been a turbulent week in DeFi security. The same day Texture’s breach happened, perpetuals protocol GMX suffered a separate exploit on Arbitrum that resulted in $42 million in losses, with the protocol offering the hacker a 10% white-hat bounty.

These incidents underscore the persistent security challenges facing DeFi protocols, particularly as composability increases and smart contracts grow more complex. Even well-vetted platforms can become targets if vulnerabilities go unnoticed.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Meme Coins Price Prediction: Downside risk persists for Dogecoin, Shiba Inu, and PepeMeme coins, such as Dogecoin (DOGE), Shiba Inu (SHIB), and Pepe (PEPE), continue to decline steadily as the broader cryptocurrency market remains volatile.
Author  FXStreet
Sep 25, Thu
Meme coins, such as Dogecoin (DOGE), Shiba Inu (SHIB), and Pepe (PEPE), continue to decline steadily as the broader cryptocurrency market remains volatile.
placeholder
Silver Price Forecast: XAG/USD retreats from 14-year highs to below $45.00Silver price (XAG/USD) attracts some sellers to near $44.80 after reaching its highest in over 14 years during the Asian trading hours on Friday.
Author  FXStreet
18 hours ago
Silver price (XAG/USD) attracts some sellers to near $44.80 after reaching its highest in over 14 years during the Asian trading hours on Friday.
placeholder
Gold dips as Fed rate cut bets fade; lacks bearish conviction ahead of US PCE dataGold (XAU/USD) struggles to capitalize on the previous day's modest gains and attracts fresh sellers during the Asian session on Friday.
Author  FXStreet
18 hours ago
Gold (XAU/USD) struggles to capitalize on the previous day's modest gains and attracts fresh sellers during the Asian session on Friday.
placeholder
US core PCE inflation set to rise 2.9% YoY in August with Federal Reserve easing outlook in focusThe United States (US) Bureau of Economic Analysis (BEA) will publish the Personal Consumption Expenditures (PCE) Price Index data for August on Friday at 12:30 GMT. 
Author  FXStreet
18 hours ago
The United States (US) Bureau of Economic Analysis (BEA) will publish the Personal Consumption Expenditures (PCE) Price Index data for August on Friday at 12:30 GMT. 
placeholder
ETH Whales Buy the Dip as Ethereum Breaks $4,000 SupportEthereum (ETH) whales are capitalizing on falling prices as the second-largest cryptocurrency continues to trend downward, breaking the critical $4,000 level.
Author  Beincrypto
16 hours ago
Ethereum (ETH) whales are capitalizing on falling prices as the second-largest cryptocurrency continues to trend downward, breaking the critical $4,000 level.
goTop
quote