The attacker who targeted Curve Finance, a decentralized finance (DeFi) protocol, has begun returning some of the stolen funds. The attacker sent 4,821 Ethereum (ETH), worth approximately $9 million, in a series of transactions to Alchemix Finance, one of the victims.

Earlier today, the attacker had sent an on-chain message to Alchemix, asking the protocol to confirm its address before the funds were sent. The attacker further explained that he returned funds because he did not want to ruin the projects.

Following the news, Curve’s CRV token saw a price rally of nearly 6%, reaching $0.61640. This was prompted by speculations within the community that the attacker might return more of the stolen funds to the protocol.

On July 30, several DeFi projects suffered a reentrancy attack after multiple versions of Vyper, a smart contract language for the Ethereum virtual machine (EVM), were exploited by malicious players. Reports estimated that losses across these projects were more than $60 million.

The impacted projects had offered the attacker a 10% bounty on Aug. 3 in exchange for the return of funds stolen.

Contagion fears persist

Meanwhile, the attack had wider implications, presenting a contagion risk. The value of Curve’s native token, CRV, fell by more than 20% after the attack. The situation was further complicated by the fact that Curve’s founder, Michael Egorov, had used CRV as collateral on several lending protocols, including Aave

Since then, Egorov has been involved in a fire sale of CRV, selling over 100 million tokens for $42.4 million to different entities, including market maker Wintermute, Tron founder Justin Sun and others, via over-the-counter deals.

However, on-chain analyst Lookonchain reported that Egorov still has $65.34 million in debt across different DeFi protocols.