"Robbed, but not brazenly: Solana hacker returns $2M and walks away with a tip"
In the crypto world, a thief isn’t always a thief. Sometimes, they’re just an "alternative auditor."
In the crypto world, a thief isn’t always a thief. Sometimes, they’re just an "alternative auditor."
A high-profile incident in the Solana ecosystem involving the leakage of crypto assets from the Texture project has come to an end. A few days ago, an unknown hacker exploited a vulnerability in one of Texture Vaults' contracts and withdrew approximately $2.2 million in USDC stablecoins. The attack targeted only the USDC vault, leaving other assets untouched.
Immediately after detecting the incident, the Texture team halted all withdrawals to prevent further exploitation. At the same time, an internal "war room" was activated for rapid response. The developers quickly identified the vulnerability, contained it, and began working on a contract update.
Realizing that the hacker still controlled the funds, the team took an unconventional approach—they offered the attacker a "gray reward" of 10% of the stolen amount if they agreed to return the remaining 90% without consequences. This proposal was part of a peaceful settlement strategy, aimed at minimizing damage and avoiding lengthy legal disputes.
Two hours after the final appeal, the hacker accepted the terms and sent 90% of the funds back to Texture’s Solana address. The team confirmed receipt of the assets and stated that since the hacker had fulfilled their part of the agreement, no further action would be taken against them. This decision sparked lively discussions in the community. The team also expressed gratitude to those who provided support and assisted in negotiations.
The developers are finalizing the audit of the patched contract in collaboration with an auditor. The updated version will be redeployed soon. A detailed technical report is also being prepared, which will reveal the attack mechanism, the vulnerability’s technical details, and the measures taken to strengthen the system’s resilience.
(Translation adjusted for natural phrasing while preserving key details.)
