Curve Finance Vulnerability Exposes $100M+ Worth of Crypto; CRV Token Plummets
A vulnerability in the popular decentralized finance (DeFi) protocol Curve Finance has caused funds to be drained from a number of the protocol’s liquidity pools, while roughly $100 million remains at risk.
In a tweet from Sunday, the Curve team said that “a number” of its pools that uses version 0.2.15 of the Vyper programming language have been exploited due to “a malfunctioning reentrancy lock.”
“We are assessing the situation and will update the community as things develop,” the team added.
A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.
— Curve Finance (@CurveFinance) July 30, 2023
Other pools are safe. https://t.co/eWy2d3cDDj
In a follow-up tweet on Monday, the Curve team listed all pools that have been hacked so far as result of the vulnerability.
It also warned users to withdraw all funds held in the Arbitrum Tricrypto pool, which holds USDT, WBTC and ETH tokens.
Just in case the hacker can outsmart top auditors and vyper devs
— Curve Finance (@CurveFinance) July 31, 2023
As of now, as much as $100 million worth of crypto remains at risk in the mentioned Curve pools, representing a significant risk for the entire protocol’s reputation.
Curve Finance, which is a decentralized exchange (DEX) for stablecoins that uses the automated market maker (AMM) model to manage liquidity, has traditionally been seen as one of the most solid projects in crypto.
CRV token plummets
Following the recent events, however, the price of Curve Finance’s native CRV token has plummeted in the market.
As of press time on Monday, the token was down 12% for the past 24 hours alone, and down more than 15% for the past 7 days.
Over the past 12 months, the CRV token has lost more than half of its value, while other major cryptoassts like Bitcoin (BTC) and Ether (ETH) have risen in price.
The vulnerability pointed to by Curve is the same type of vulnerability as DeFi protocols Era Lend and Conic Finance said was responsible for draining funds from them last week.
Already, a white hat hacker has recovered 2,870 ETH, worth around $5.4 million, to Curve Finance following the recent hacking incidents.
- [LIVE] Fed Payments Innovation Conference: Real-Time Updates as Federal Reserve Discusses Crypto, Stablecoins, and AI with Industry Leaders
- Crypto Market Prospect: After the Washout, the Soil Looks Richer
- China’s DeepSeek AI Predicts the Price of XRP, BTC, and DOGE By the End of 2025
- [LIVE] Crypto Market Update: Bank of Japan Raises Rates by 25 bps; Crypto Markets Extend Slide as BTC Breaks Below $86K
- Bitcoin Price Prediction: Fundstrat Tells Clients to Brace for a $60K Bitcoin Correction Next Year
2M+
250+
8
70
- [LIVE] Fed Payments Innovation Conference: Real-Time Updates as Federal Reserve Discusses Crypto, Stablecoins, and AI with Industry Leaders
- Crypto Market Prospect: After the Washout, the Soil Looks Richer
- China’s DeepSeek AI Predicts the Price of XRP, BTC, and DOGE By the End of 2025
- [LIVE] Crypto Market Update: Bank of Japan Raises Rates by 25 bps; Crypto Markets Extend Slide as BTC Breaks Below $86K
- Bitcoin Price Prediction: Fundstrat Tells Clients to Brace for a $60K Bitcoin Correction Next Year
More Articles
in numbers
