The Curve Finance Exploit
On July 30, stablecoin lending protocol, Curve Finance, experienced multiple exploits affecting some of its stable pools. The affected pools, including alETH, msETH, and pETH, were utilizing Vyper 0.2.15, a smart contract programming language designed for the Ethereum Virtual Machine (EVM). Curve attributed these breaches to a “malfunctioning reentrancy lock.”
Though Curve operates 232 diverse pools, only those employing the aforementioned Vyper versions were compromised. It reassured that crvUSD contracts and any pools featuring them remained unaffected.
The Returned Stolen Funds
CEO of Curve Finance, Michael Egorov, announced in a Telegram channel that the swap pool was drained of 32 million CRV tokens, equating to over $22 million. However, the overall losses are speculated to exceed $40 million.
This intrusion has led to the destabilization of the DeFi ecosystem, with many relying on Curve’s stable pools. Several DeFi protocols, including Ellipsis, Alchemix, and Metronome, also reported exploits in their stable pools.
On July 31, blockchain security firm PeckShield disclosed that the Curve exploiter had returned 2,879 ETH, approximately $5.4 million, to the protocol deployer address.
The Aftermath and CRV Price Crash
This latest exploit comes in the wake of recent similar attacks on Curve. Just last week, its Conic Finance omnipool was exploited for $3.6 million in Ethereum through a reentrancy attack.
Since the exploit, the total value locked in Curve Finance has plunged 43%, falling from $3.26 billion to $1.87 billion, as per data from DeFiLlama.
The value of Curve’s native token, CRV, fell by 18% immediately following the attack. As of now, CRV is trading at $0.621, representing a 15% drop in the last 24 hours. Over the past two weeks, CRV has seen a significant depreciation of 23%. This leaves CRV down a staggering 96% from its all-time high of $15.37 in August 2020.
The recent bear market has significantly affected tokens within the DeFi ecosystem, with many experiencing an 80-90% drop from their peak price levels.
The story continues to develop and further clarity is expected with the release of post-mortems.
Conclusion
In a world where blockchain security breaches have become alarmingly common, it’s noteworthy when hackers return stolen funds, even if only partially. However, the damage to Curve Finance and its token’s value is substantial, serving as a sobering reminder of the potential risks associated with the DeFi ecosystem.