TL;DR
- Curve Finance has suffered an exploit, with $100 million worth of tokens currently at risk.
- CRV has dipped by more than 12% over the past 24 hours following the exploit announcement.
Curve Finance Suffers An Exploit
Curve, a stablecoin exchange on the Ethereum network, has been hit by an exploit, according to a tweet from its developers over the weekend.
A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.
Other pools are safe. https://t.co/eWy2d3cDDj
— Curve Finance (@CurveFinance) July 30, 2023
According to the team, more than $100 million worth of cryptocurrencies is at risk due to a “re-entrancy” bug in Vyper, a programming language used to power parts of the Curve system.
Curve Finance added that numerous stablecoin pools on the platform had been drained by the attackers so far. Some projects that use the Vyper programming language could be exposed to the same vulnerability.
At the moment, it remains uncertain how much has been stolen from Curve as a result of the attack. According to BlockSec, a blockchain auditing firm, the estimated total losses currently stand above $42 million.
Curve is a leading DeFi platform, operating 232 different pools. However, only pools using Vyper versions 0.2.15, 0.2.16 and 0.3.0 are at risk. The affected pools have been drained or white-hat hacked.
The Curve team is currently assessing the situation with the affected teams.
The attack has seen CRV, Curve DAO’s native token, lose more than 12% of its value over the past 24 hours. At press time, the price of CRV stands at $0.6451 per token.