According to preliminary assessments, the anticipated losses are now in excess of $42 million, with assets worth $100 million at stake.
On Sunday, July 30, Curve Finance, the Ethereum-based second-biggest DEX after Uniswap, was the victim of a massive exploit. The exploit often occurred as a result of a weakness in its programming language Vyper.
A total of $100 million in digital assets are at risk as a result of the “re-entrancy” flaw uncovered in Vyper. Other stablecoin pools on the site utilized for pricing and liquidity for a variety of DeFi services have also been drained by hackers. Curve Finance’s official announcement (1) states:
As of today, the exact amount drained from Curve as a result of the attack is unknown. According to Twitter, BlockSec, a blockchain auditing firm, completed a preliminary review and estimated the total losses to be more than $42 million.
According to its website, Curve maintains 232 distinct pools. However, only pools using Vyper versions 0.2.15, 0.2.16, and 0.3.0 are vulnerable to the assault, as exposed by Mimaklas, a member of the team, in a Discord announcement. Mimaklas went on to say:
“All affected pools have been drained or white hacked, and the team is currently assessing the situation with affected teams.”
A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.
Other pools are safe. https://t.co/eWy2d3cDDj
— Curve Finance (@CurveFinance) July 30, 2023
Curve Finance (CRV) price falls 17% following exploitation.
Curve Finance’s CRV coin has dropped around 15% since the issue was revealed, and it is now trading at around 63 US cents. Aave, a decentralized lending platform, uses CRV as collateral. Despite the drop in CRV, Gauntlet’s Chitra stated that there are no signs of “bad loans” on the Aave platform. According to CoinGecko data, Aave’s token has also dropped by roughly 4% in the previous 24 hours.
The Curve Finance issue has increased selling pressure in the Bitcoin market as a whole. Bitcoin and Ether, two important digital assets, witnessed minor movements as a result of fears about broader implications. However, they later steadied, with Bitcoin remaining at about $29,450 and Ether continuing at around $1,870.
In 2022, hackers stole $3.8 billion in cryptocurrency, and Curve Finance was one of the firms targeted. Despite a decrease in the frequency of such instances, the possibility of security breaches continues an issue in DeFi. For operations such as trading and lending, DeFi relies on blockchain-based smart contracts.