On July 30, Curve Finance suffered exploits on a number of its stable pools that were using Vyper, which is a smart contract programming language for the Ethereum Virtual Machine (EVM).
Curve ed its users that alETH, msETH, and pETH stable pools using Vyper 0.2.15 have been exploited “as a result of a malfunctioning reentrancy lock.”
It added that crvUSD contracts and any pools with it were not affected. Curve operates 232 different pools, but only ones using these versions of Vyper were affected.
In addition, crvUSD contracts and any pools with it are also not affected. This is implied in the tweet but still
— Curve Finance (@CurveFinance) July 30, 2023
Curve Hacker Returns Some Funds
Curve Finance CEO Michael Egorov said in a Telegram channel that 32 million CRV tokens worth over $22 million had been drained from the swap pool. However, total losses were estimated to be upwards of $40 million.
The incursion has destabilized the DeFi eco, much of which is reliant on Curve’s stable pools. Several DeFi protocols, such as Ellipsis, Alchemix, and Metronome, reported exploited stable pools.
A reentrancy attack occurs when a computing procedure can be interrupted and reentered again before its previous invocations complete ution.
On July 31, PeckShield reported that the Curve exploiter had returned 2,879 ETH worth around $5.4 million to the protocol deployer address.
#PeckShield c0ffeebabe.eth has returned 2,879 $ETH (~$5.4m) to #Curve deployer pic.twitter.com/2Jq0JOsrhV
— PeckShield (@PeckShield) July 31, 2023
This story is still developing, and things will become clearer when post-mortems are issued.
Curve has been targeted recently, with its Conic Finance omnipool getting exploited for $3.6 million in Ethereum last week in a similar reentrancy attack.
Furthermore, Curve Finance’s total value locked has tanked 43% since the exploit, falling from $3.26 billion to $1.87 billion, according to DeFiLlama.
CRV Price Crashes
Curve’s native token, CRV, dumped 18% in the hours following the attack. At the time of writing, CRV was trading at $0.621, having lost 15% over the past 24 hours.
The DeFi token has had a rough ride recently, dropping 23% over the past fortnight. As a result, CRV remains down a painful 96% from its August 2020 all-time high of $15.37.
Most of the tokens in the DeFi eco have been hit hard in this bear market and remain down 80-90% from their peak price levels.
Aviso: As informações nesta página podem ser provenientes de terceiros e não representam as opiniões ou pontos de vista da Gate. O conteúdo exibido nesta página é apenas para referência e não constitui aconselhamento financeiro, de investimento ou jurídico. A Gate não garante a exatidão ou integridade das informações e não será responsável por quaisquer perdas decorrentes do uso dessas informações. Os investimentos em ativos virtuais apresentam altos riscos e estão sujeitos a uma volatilidade de preços significativa. Você pode perder todo o capital investido. Por favor, compreenda completamente os riscos envolvidos e tome decisões prudentes com base em sua própria situação financeira e tolerância ao risco. Para mais detalhes, consulte o
Aviso Legal.
