Texture Finance Hacker Returns 90% of $2.2M Haul—Crypto’s Oddest Heist Yet
In a plot twist even Hollywood wouldn’t script, the Texture Finance exploiter just sent back 90% of their loot—$2.2M in digital assets—after pulling off the perfect crypto heist. Was it guilt? A PR stunt? Or just bad at math?
The Refund Heist: How White-Hat Hacking Went Rogue
Move over, Robin Hood. This hacker grabbed the bag, then returned most of it—leaving Texture Finance scrambling to explain how $220K suddenly became an 'acceptable loss.' Meanwhile, DeFi degens are calling it 'the most polite rug pull in history.'
Crypto’s New Normal: When Exploiters Have Better Morals Than Hedge Funds
While Wall Street would’ve offshore-d that cash faster than a Solana transaction, this anonymous actor chose… partial redemption? Maybe Satoshi’s vision isn’t dead after all—just heavily discounted.
Texture Finance reached a rare greyhat resolution
Less than a day before the deadline, the attacker reportedly returned 90% of the stolen funds to the designated Texture SOL address, effectively claiming the 10% bounty.
About two hours ago, the hacker returned 90% of the stolen funds to the Texture SOL address, taking the 10% greyhat bounty proposed earlier by the Texture team.
As the hacker has fulfilled their side of the agreement, we will not pursue the matter further.
We want to thank…
— Texture (@texture_fi) July 10, 2025
“As the hacker has fulfilled their side of the agreement, we will not pursue the matter further,” Texture announced in a new post on July 10. “We truly appreciate your patience and understanding — and are grateful for the incredible spirit of camaraderie in the solana ecosystem.”
The return of funds places this incident in a growing category of so-called “greyhat” exploits, where attackers breach vulnerable protocols but ultimately opt to return most or all of the funds in exchange for immunity or a bounty.
In April, for example, an attacker who exploited zksync returned $5.4 million after accepting a similar 10% deal following community pressure and public negotiation.
This approach has become more common in the DeFi world, where on-chain activity is transparent, and attribution, though not always immediate, can expose hackers to real-world consequences.
Still, many remain critical of the tactic, arguing it blurs the line between ethical hacking and extortion.
More turbulence in DeFi
According to Texture Finance, a full fix has already been developed and is currently undergoing audit. “We’re finalizing the code fix and completing a thorough review with our auditor. The updated contract will be redeployed shortly,” the team said in its July 10 post.
A post-mortem analysis is expected soon.
In the meantime, Texture has left user withdrawals disabled and advised users that repayments remain functional “in standard mode,” though no specific timeline was provided for resuming normal operations.
The incident adds to what has been a turbulent week in DeFi security. The same day Texture’s breach happened, perpetuals protocol GMX suffered a separate exploit on Arbitrum that resulted in $42 million in losses, with the protocol offering the hacker a 10% white-hat bounty.
These incidents underscore the persistent security challenges facing DeFi protocols, particularly as composability increases and smart contracts grow more complex. Even well-vetted platforms can become targets if vulnerabilities go unnoticed.
KEY Difference Wire helps crypto brands break through and dominate headlines fast
