Curve Finance, a popular decentralized finance (DeFi) platform, recently experienced a security breach that resulted in the loss of millions of dollars. The exploit targeted several stable pools that were using the Vyper programming language for the Ethereum Virtual Machine. Curve Finance quickly alerted its users about the incident and confirmed that only pools using specific versions of Vyper were affected.
The hacker managed to drain 32 million CRV tokens, valued at over $22 million, from the swap pool. However, the total losses were estimated to be much higher, exceeding $40 million. This attack has had a significant impact on the DeFi ecosystem, as many protocols rely on Curve’s stable pools. Other platforms, including Ellipsis, Alchemix, and Metronome, also reported similar exploits on their stable pools.
A reentrancy attack, which allows a computing procedure to be interrupted and reentered before previous invocations are completed, was the method used in this breach. However, on July 31, the hacker returned 2,879 ETH (approximately $5.4 million) to the protocol deployer address, according to PeckShield.
Since the incident, Curve Finance’s total value locked has plummeted by 43%, dropping from $3.26 billion to $1.87 billion, as reported by DeFiLlama. Additionally, the native token of Curve Finance, CRV, experienced a significant price drop. In the hours following the attack, CRV dumped 18% and continued to lose value, resulting in a 15% decrease over the past 24 hours. CRV has been struggling recently, with a 23% drop in the last two weeks and a staggering 96% decrease from its all-time high in August 2020.
It is important to note that this story is still developing, and more information will be available once post-mortems are conducted. The DeFi ecosystem has been hit hard in this bear market, with many tokens experiencing substantial losses from their peak price levels.
Overall, the security breach at Curve Finance has had a significant impact on the platform and the wider DeFi community. As the investigation continues, it is crucial for users and investors to stay informed and exercise caution in the decentralized finance space.