31.07.2023
Mirjan Hipolito
Cryptocurrency and stock expert

Curve Finance Reveals More Damages from Vyper Vulnerability Exploit


Curve Finance, a significant player in the decentralized finance ecosystem, has fallen prey to a crypto exploit, jeopardizing a substantial $100 million in user funds stored on the platform.

The exploit, executed through a reentrancy attack made possible by a flaw in the Vyper contract-oriented programming language, managed to siphon an estimated $52 million worth of customer funds.

A reentrancy attack lets an untrusted party's external code call back into a smart contract while an earlier call is still in progress, before the contract has finished updating its state.

According to an updated report published on Decrypt, an Arbitrum-based liquidity pool may have been affected by the recent attack. The platform had earlier stated that several Ethereum-based liquidity pools were potentially compromised.

In a tweet posted on July 31, Curve Finance disclosed that the following pairs were hacked: crv/eth, Alchemix alETH/eth, Metronome Synth msETH, and JPEG’d pETH/eth. The vulnerability was present in Vyper compiler versions 0.2.15 to 0.3.0.
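The compiler version range above lends itself to a quick triage of a source tree. The following Python check is an added example, not code from Curve or the Vyper project: it reads the version pragma of Vyper source files and flags those pinned inside the 0.2.15 to 0.3.0 range that also use `@nonreentrant`, Vyper's reentrancy-lock decorator. The file names, contract snippets and status labels are constructed for illustration.

```python
import re

# Affected range as stated in the article: Vyper compiler 0.2.15 to 0.3.0, inclusive.
AFFECTED_MIN, AFFECTED_MAX = (0, 2, 15), (0, 3, 0)

# Vyper sources declare their compiler as "# @version X" or "#pragma version X".
PRAGMA_RE = re.compile(
    r"^\s*#\s*(?:@version|pragma\s+version)\s+([\^~<>=!]*)\s*(\d+)\.(\d+)\.(\d+)",
    re.MULTILINE,
)
# @nonreentrant is Vyper's reentrancy-lock decorator.
LOCK_RE = re.compile(r"^\s*@nonreentrant\b", re.MULTILINE)


def classify(source: str) -> str:
    """Triage one Vyper source file against the affected compiler range."""
    m = PRAGMA_RE.search(source)
    if m is None:
        return "unknown"  # no pragma: read the version from build artifacts
    if m.group(1):
        return "unpinned"  # ^, ~, >= ...: the compiler actually used may differ
    version = tuple(int(part) for part in m.group(2, 3, 4))
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-affected"
    # In range: contracts relying on the lock need attention first.
    return "affected" if LOCK_RE.search(source) else "in-range-no-lock"


def scan(sources: dict) -> dict:
    """Map each file name to its triage status."""
    return {name: classify(text) for name, text in sources.items()}


# Constructed sample sources (not real Curve contracts).
SAMPLES = {
    "pool_a.vy": "# @version 0.2.15\n@external\n@nonreentrant('lock')\ndef remove_liquidity():\n    pass\n",
    "pool_b.vy": "# @version 0.3.0\n@view\n@external\ndef get_virtual_price() -> uint256:\n    return 0\n",
    "pool_c.vy": "# @version ^0.2.15\n@external\n@nonreentrant('lock')\ndef exchange():\n    pass\n",
    "pool_d.vy": "#pragma version 0.3.10\n@external\n@nonreentrant('lock')\ndef exchange():\n    pass\n",
    "pool_e.vy": "@external\ndef ping():\n    pass\n",
}

if __name__ == "__main__":
    for name, status in scan(SAMPLES).items():
        print(f"{name}: {status}")
```

Files reported as `unpinned` or `unknown` need the compiler version confirmed from the build or deployment records, since the pragma alone does not say which compiler produced the deployed bytecode.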

Furthermore, the Tricrypto pool on Arbitrum, housing major cryptocurrencies USDC, ETH, and wBTC, might have been compromised, although auditors found no fault during their audit.

A leading contributor to the programming language suspects that hackers dedicated weeks to months to identify the vulnerability in the code.

In an attempt to mitigate the extent of the hack, an ethical hacker under the username "c0ffeebabe.eth" managed to recover 2,879 ETH, as reported by CoinTelegraph.

The recovered funds are estimated to be worth $5.4 million at current prices, and have been returned to Curve Finance's deployer address.

However, in the wake of the hack, several Twitter accounts impersonating Curve Finance, some with alleged paid blue checks, have emerged. 

These accounts are promoting a fake refund scheme, adding to the already troubling situation for affected users.

Following the breach, Curve Finance's native token under the ticker ‘CRV’ experienced significant price fluctuations on South Korea's Bithumb exchange. 

The CRV/KRW pair surged by 500% during the session, reaching $4.36, while the CRV/USD pair on the same platform dropped by 15% after the attack, so the two pairs moved in opposite directions following the incident.
