Curve Finance Vulnerability Exposes Over $100M Worth of Crypto; CRV Token Plummets

 

 

 

More than $100 million worth of cryptocurrency is currently in jeopardy due to a critical vulnerability known as the "re-entrancy" bug found in Vyper, a programming language utilized to operate certain components of the Curve system. Hackers have already exploited this flaw, causing severe damage by draining several stablecoin pools on the platform. These pools play a crucial role in determining pricing and maintaining liquidity for various DeFi services, amplifying the impact of the attack.

 

Other projects utilizing the Vyper programming language may also be susceptible to this vulnerability.

 

At the time of reporting, the exact amount siphoned from Curve due to the attack remained uncertain. However, BlockSec, a reputable blockchain auditing firm, took to Twitter to release their preliminary analysis, estimating the total losses to exceed $42 million.

 

Curve, as mentioned on its website, oversees an impressive array of 232 different pools. Nevertheless, the team member mimaklas, through a Discord announcement, clarified that the vulnerability only affects pools utilizing Vyper versions 0.2.15, 0.2.16, and 0.3.0.

 

Mimaklas also said that "all affected pools have been drained or white hacked, and the team is assessing the situation with affected teams."

 

 

The heist had a profound impact on the trading markets for Curve DAO's native CRV token, causing a significant drop of 17% in its value, reaching $0.61 at the time of the incident. This sudden price decline posed a serious threat, as it had the potential to worsen the already chaotic situation by potentially leading to the liquidation of the founder's $70 million borrowing position on Aave.