LUCKNOW (CoinChapter.com) — On July 30, Curve Finance lost over $47 million worth of crypto assets in an exploit targeting stablecoin pools.
First discovered by security firm Ancilia, the hack involved the depletion of the funds stored in 460 smart contracts. Curve Finance confirmed the exploit afterward, ensuring customers that its “other pools are safe.”
According to the initial investigation, certain versions of the Vyper compiler failed to implement the reentrancy guard correctly.
For the unversed: the reentrancy guard is a mechanism designed to prevent multiple functions from being executed simultaneously by locking a contract. This flaw opened the door to reentrancy attacks, potentially enabling malicious actors to drain all funds from a contract.
Vyper is a contract-oriented programming language targeting the Ethereum Virtual Machine (EVM). Notably, its similarities to Python make it an attractive starting point for Python developers venturing into the world of Web3.
DeFi Projects Suffer Significant Losses; White Hats Engage in Rescue Operation
Numerous decentralized finance (DeFi) projects have fallen victim to the exploit.
Ellipsis, a decentralized exchange, reported exploitation in a few stable pools with BNB using an outdated Vyper compiler. Alchemix’s alETH-ETH witnessed an outflow of $13.6 million, while JPEGd’s pETH-ETH pool saw $11.4 million exploited.
Meanwhile, Metronome’s sETH-ETH pool suffered losses of $1.6 million. Curve Finance CEO Michael Egorov later confirmed that the swap pool drained 32 million CRV tokens, amounting to over $22 million.
The exploit triggered widespread panic throughout the DeFi ecosystem. It led to a surge of transactions across pools and prompted a rescue operation by white hat hackers.
CoinMarketCap data revealed that due to the Curve Finance hack, its utility token, Curve DAO (CRV), experienced a decline of over 5%. The drop in CRV’s liquidity in recent months made it susceptible to significant price fluctuations.
DeFi Sector Faces Escalating Attacks, Security Concerns Raised
Curve Finance is a prominent DeFi protocol that facilitates the decentralized exchange of stablecoins within the Ethereum network.
Unfortunately, this is not the first time the platform has faced security issues within its ecosystem. A few days prior, Conic Finance’s omnipool platform suffered exploitation, resulting in the theft of $3.26 million in Ether.
In a single transaction, the hackers sent most of the stolen funds to a new Ethereum address.
The DeFi sector has been a frequent attack target over the past few months—a recent report by De.Fi, a Web3 portfolio app, revealed that hackers stole over $204 million through DeFi hacks and scams in the second quarter of 2023 alone.
