As per the preliminary audits, the estimated losses are already north of $42 million with assets worth $100 million under risk.
Curve Finance, the Ethereum-based second-largest decentralized exchange (DEX) after Uniswap, suffered a major exploit on Sunday, July 30. The exploit happened typically due to a vulnerability in its programing language Vyper.
Due to the “re-entrancy” bug discovered in Vyper, a total of $100 million worth of digital assets are at risk. The hackers have also drained other stablecoin pools on the platform used for pricing and liquidity for a number of different DeFi services. The official announcement from Curve Finance notes:
“A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop. Other pools are safe.”
As of now, the exact amount drained from Curve due to the attack remains uncertain. BlockSec, a blockchain auditing firm, conducted a preliminary analysis and estimated the total losses to be above $42 million, as mentioned on Twitter.
Curve runs 232 different pools, according to its website, but only pools utilizing Vyper versions 0.2.15, 0.2.16, and 0.3.0 are vulnerable to the attack, as disclosed by mimaklas, a member of the team in a Discord announcement. Mimaklas further added:
“All affected pools have been drained or white hacked, and the team is assessing the situation with affected teams.”
Curve Finance (CRV) Price Drops 17% after Exploit
Since the issue surfaced, Curve Finance’s CRV token has experienced a decline of approximately 15% and is currently trading at around 63 US cents. CRV is utilized as collateral on Aave, a decentralized lending platform. Despite the slide in CRV, Gauntlet’s Chitra mentioned that there have been no indications of “bad loans” on the Aave platform. In the last 24 hours, Aave’s token has also seen a decrease of around 4%, according to CoinGecko data.
The Curve Finance incident has put selling pressure across the broader cryptocurrency market. Bitcoin and Ether, two prominent digital assets, experienced slight fluctuations due to concerns about potential broader impacts. However, they later stabilized, with Bitcoin holding steady at approximately $29,450 and Ether remaining at $1,870.
In 2022, hackers stole a staggering $3.8 billion worth of cryptocurrencies, and Curve Finance was one of the affected organizations. Though the frequency of such incidents has decreased, the risk of security breaches remains a concern in decentralized finance (DeFi). DeFi relies on blockchain-based smart contracts for activities like trading and lending.