Curve Finance Exploit Endangers Over $100 Million in Cryptocurrencies; CRV Token Falls

According to a project tweet, Curve, the stablecoin exchange that forms the core of decentralized finance (DeFi) using ⁣Ethereum, has been the‌ victim ⁣of a hack.

A “re-entry bug” in Vyper ⁣(a programming language that powers parts of the Curve ⁣system) could put⁢ up⁢ to $100 million worth of cryptocurrencies at risk. Hackers have drained multiple ⁢stablecoin pools used to price and provide liquidity ⁤for various DeFi services.

The same ⁣vulnerability could affect⁢ other projects using the Vyper ⁢language.

At the time of publication, it was not⁤ clear how ​much money was being drained from Curve by this attack. BlockSec — a blockchain auditing firm — estimated total losses at ⁢over $42,000,000 in ⁤a Twitter post.

According to Curve’s website, the company‌ operates 232 pools. However,‌ only pools using Vyper versions 0.2.2, 0.2.26, and ⁢0.3.0 are at risk. This was confirmed by ​mimaklas in a Discord message.

Mimaklas said: “All affected ⁣pools were either chopped or drained. The​ team is currently assessing the current situation with affected teams.”

The heist has destabilized ⁤the trading markets ⁤of Curve DAO’s native CRV tokens, which are down 17% on the day and at $0.61 at press time lay. This price move ‍threatened to create more chaos as it forced the liquidation of the founder’s $70 million loan position at⁣ Aave.

UPDATE: July 30, 2023 at 21:25 UTC Adds more information