Curve Emergency DAO Is Ending Rewards for Hacking-Related Pools
Curve Emergency DAO removed CRV reward for pools like alETH, msETH, pETH, crvCRVETH, Arbitrum Tricrypto and multiBTC.
According to an Aug. 2 social media post, a member of Curve’s board of directors has Curve Finance’s lending protocols for select governance token rewards discontinued liquidity pools affected by the July 30 Curve exploit and the July 6 multichain exploit.
According to a member of the Curve DAO governing body, the Curve Emergency Decentralized Autonomous Organization (Curve DAO) was responsible for the discontinuation of the rewards. According to the announcement, pools for alETH+ETH msETH ETH pETH ETH crvCRVETH Arbitrum Tricrypto multibtc3CRV were affected. Going forward, the decision may be overturned by a vote of all Curve DAO members.
Curve E-DAO member Gabriel Shapiro announced the change.
ATTENTION, FROM A CURVE E-DAO SIGNER:
The @CurveFinance emergency multisig has terminated CRV rewards (gauges) to the liquidity pools affected by recent exploits, including pools affected by the recent Vyper compiler exploit and the multiBTC pool affected by the recent…
— _gabrielShapir0 (@lex_node) August 2, 2023
Multichain’s team said the withdrawals were “abnormal” and so were the users should do stop using multichain. The Curve team at the time warned users not to exit “multichain assets like multiBTC” (including the pool), implying that its own multibtc3CRV liquid pool was at risk from the multichain event.
The Multichain team announced on July 14 that the withdrawals were caused by an unidentified individual who had gained access to its CEO’s cloud computing account, meaning the funds may never be recovered .
Curve Finance was also attacked on July 30th. The exploit resulted in the loss of over $47 million worth of cryptocurrencies. Attacked pools such as alETH, msETH, and pETH were affected because they were built using the Vyper protocol that contained the vulnerability. The other Curve pools not created with the Vyper protocol were not affected.
Despite the exploits, the affected pools produced rewards for Curve DAO Governance Tokens (CRV). Users can still deposit tokens to earn CRV. Shapiro said in the Aug. 8 announcement that the emergency DAO has now removed these rewards to “not encourage further participation in compromised pools.”
Investors continued to be victims of hacks and scams throughout July and August. Alphapo, a payment processor, reportedly lost $60 million in an attack on its hot wallet keys in July. Although the company has not confirmed the alleged hack, on-chain investigators believe the abnormal transmissions are likely the result of an attack. A read-only re-entry flaw was exploited on July 25 to steal $3.4 million from zkSync.
