Three weeks after the hack, the developers of the decentralized Cream Finance protocol confirmed that the project managed to return 5152.6 ETH (approximately $16.7 million at the time of writing), identifying the hacker with the help of the community.

“After the exploit on August 31, we committed ourselves to return the stolen funds to our community. We would like to confirm that 5152.6 ETH has been recovered,” they said.

Two security researchers under the nicknames losslessdefi and pcaversaccio helped Cream Finance track down and identify the hacker. As part of the current bounty program, they received the equivalent of 50% of the stolen amount – 2576.3 ETH ($8.3 million).

To ensure a full refund, the project representatives allowed the hacker to keep 10% of the stolen funds – approximately 515 ETH (about $ 1.6 million) as a reward for the discovered error.

Recall that on August 30, the Cream Finance DeFi protocol was attacked using instant credit.

The damage amounted to 462,079,976 AMP and 2804 ETH (more than $18 million).

Later, the protocol developers announced their readiness to independently compensate the victims for losses by deducting 20% of commission fees. The developers also announced that they would pay 10% of the stolen amount to the hacker if he returned the funds.

On September 8, the hacker transferred most of the stolen amount of 5,152.6 ETH to the Cream Finance multisig wallet.