Curve Finance, the lending protocol, has made significant changes following recent exploits and attacks.
As per an announcement on August 2nd, the protocol’s governing body revealed that it has terminated governance token rewards for certain liquidity pools affected by the July 30 Curve exploit and the July 6 Multichain exploit.
The decision to end rewards was executed by the Curve emergency decentralized autonomous organization (Curve E-DAO), which comprises selected members of the Curve DAO governing body.
The affected pools include alETH+ETH, msETH-ETH, pETH-ETH, crvCRVETH, Arbitrum Tricrypto, and multibtc3CRV. However, the governing body stated that this decision could be overridden in the future through a full vote of the Curve DAO.
The announcement was made by Gabriel Shapiro, a member of Curve E-DAO. The July 6 Multichain exploit saw the withdrawal of over $100 million worth of cryptocurrency from several bridges connected to the Multichain protocol.
The Multichain team deemed these withdrawals as “abnormal” and urged users to stop using their platform.
In response to this incident, the Curve team advised its users to withdraw assets such as multiBTC to safeguard their multibtc3CRV liquidity pool, which was at risk due to the Multichain exploit.
On July 14, the Multichain team attributed the withdrawals to an unknown individual who gained unauthorized access to their CEO’s cloud computing account.
This indicated that the funds had been exploited and might not be recoverable.
READ MORE: Binance CEO CZ Unveils Plan to Launch Smaller Algorithmic Stablecoins
Subsequently, on July 30, Curve Finance itself became the target of a reentrancy attack, leading to the loss of over $47 million in cryptocurrency.
The attack impacted the alETH, msETH, and pETH pools, which were created using the Vyper protocol containing the vulnerability. Pools created through methods other than Vyper were unaffected by the exploit.
Despite these incidents, the affected pools were still generating Curve DAO (CRV) governance token rewards, allowing users to continue depositing their tokens and earning CRV.
However, in the recent announcement, Gabriel Shapiro emphasized that the emergency DAO has now halted these rewards to prevent further incentivization of participation in compromised pools.
Unfortunately, the crypto space has seen a slew of hacks and scams in July and August. Payment provider Alphapo allegedly lost over $60 million on July 23 due to an attacker gaining access to its hot wallet private keys.
While the company has not confirmed the attack, experts have noted abnormal transfers suggesting a possible hack.
Furthermore, on July 25, zkSync fell victim to an exploit worth $3.4 million due to a read-only reentrancy bug.
Given the ongoing security challenges, the crypto community remains vigilant to protect users and assets from potential threats.
Other Stories:
U.S. Judge Denies Motion to Dismiss SEC Lawsuit Against Terraform Labs
Decentralized Exchange on Coinbase’s Base Network Pauses Trading Amidst Concerns of Exploit
IRS Issues New Ruling: U.S. Crypto Investors Must Report Staking Rewards as Gross Income
