DeFi Platform Curve Finance Faces Major Exploit, $100M of Assets at Risk

As per the preliminary audits, the estimated losses are already north of $42 million with assets worth $100 million under risk.

Bhushan Akolkar By Bhushan Akolkar Julia Sakovich Edited by Julia Sakovich Updated 2 mins read
DeFi Platform Curve Finance Faces Major Exploit, $100M of Assets at Risk
Photo: Depositphotos

Curve Finance, the Ethereum-based second-largest decentralized exchange (DEX) after Uniswap, suffered a major exploit on Sunday, July 30. The exploit happened typically due to a vulnerability in its programing language Vyper.

Due to the “re-entrancy” bug discovered in Vyper, a total of $100 million worth of digital assets are at risk. The hackers have also drained other stablecoin pools on the platform used for pricing and liquidity for a number of different DeFi services. The official announcement from Curve Finance notes:

“A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop. Other pools are safe.”

As of now, the exact amount drained from Curve due to the attack remains uncertain. BlockSec, a blockchain auditing firm, conducted a preliminary analysis and estimated the total losses to be above $42 million, as mentioned on Twitter.

Curve runs 232 different pools, according to its website, but only pools utilizing Vyper versions 0.2.15, 0.2.16, and 0.3.0 are vulnerable to the attack, as disclosed by mimaklas, a member of the team in a Discord announcement. Mimaklas further added:

“All affected pools have been drained or white hacked, and the team is assessing the situation with affected teams.”

Curve Finance (CRV) Price Drops 17% after Exploit

Since the issue surfaced, Curve Finance’s CRV token has experienced a decline of approximately 15% and is currently trading at around 63 US cents. CRV is utilized as collateral on Aave, a decentralized lending platform. Despite the slide in CRV, Gauntlet’s Chitra mentioned that there have been no indications of “bad loans” on the Aave platform. In the last 24 hours, Aave’s token has also seen a decrease of around 4%, according to CoinGecko data.

The Curve Finance incident has put selling pressure across the broader cryptocurrency market. Bitcoin and Ether, two prominent digital assets, experienced slight fluctuations due to concerns about potential broader impacts. However, they later stabilized, with Bitcoin holding steady at approximately $29,450 and Ether remaining at $1,870.

In 2022, hackers stole a staggering $3.8 billion worth of cryptocurrencies, and Curve Finance was one of the affected organizations. Though the frequency of such incidents has decreased, the risk of security breaches remains a concern in decentralized finance (DeFi). DeFi relies on blockchain-based smart contracts for activities like trading and lending.

Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.

Aave News, Altcoin News, Blockchain News, Cryptocurrency News, Cybersecurity News, News
Bhushan Akolkar

Bhushan is a FinTech enthusiast and holds a good flair in understanding financial markets. His interest in economics and finance draw his attention towards the new emerging Blockchain Technology and Cryptocurrency markets. He is continuously in a learning process and keeps himself motivated by sharing his acquired knowledge. In free time he reads thriller fictions novels and sometimes explore his culinary skills.

Bhushan Akolkar on X