/

Curve Finance Exploitation Causes $47 Million Losses in DeFi’s Latest Security Breach

Vyper, known for its Pythonic characteristics, has been a popular choice for Python developers entering the world of Web3.

On July 30th, a significant security breach occurred on Curve Finance, a decentralized finance (DeFi) platform, resulting in the exploitation of several stable pools and causing losses exceeding $47 million.

The exploit was related to vulnerabilities in Vyper, a contract-oriented programming language utilized on the Ethereum Virtual Machine (EVM), specifically affecting versions 0.2.15, 0.2.16, and 0.3.0.

Vyper, known for its Pythonic characteristics, has been a popular choice for Python developers entering the world of Web3.

However, the investigation revealed that the affected versions failed to implement the reentrancy guard correctly.

This guard is crucial in preventing multiple functions from executing simultaneously, thereby safeguarding contracts from reentrancy attacks, which can deplete all funds from the contract.

Ancilia, a security firm, analyzed the affected contracts and reported that 136 contracts were using Vyper 0.2.15 with reentrant protection, 98 contracts used Vyper 0.2.16, and 226 contracts used Vyper 0.3.0. Vyper urged all projects relying on these versions to reach out immediately for further guidance and support.

Several DeFi projects were impacted by the exploit. For instance, decentralized exchange Ellipsis reported the exploitation of a small number of stable pools with BNB using an outdated Vyper compiler.

Additionally, Alchemix’s alETH-ETH witnessed an outflow of $13.6 million, while JPEGd’s pETH-ETH pool suffered an $11.4 million loss, and Metronome’s sETH-ETH pool lost $1.6 million.

READ MORE: Pro-XRP Lawyer Alleges SEC’s Actions Driven by Safeguarding Corporate Capitalism

Moreover, Curve Finance’s CEO, Michael Egorov, confirmed that over $22 million worth of CRV tokens (32 million CRV tokens) were drained from the swap pool in a Telegram channel.

The security breach sent shockwaves through the DeFi ecosystem, leading to a flurry of transactions across pools and prompting white hat hackers to launch a rescue operation.

As a consequence of the news, Curve DAO (CRV), the utility token for Curve Finance, experienced a decline of over 5% in value, as reported by CoinMarketCap.

CRV’s liquidity had already dwindled in previous months, making it susceptible to significant price fluctuations.

Despite the severity of the attack, certain pools like crvUSD contracts remained unaffected.

Nevertheless, this incident added to a series of attacks and incidents that have targeted the Curve Finance ecosystem.

Just days prior to this breach, Conic Finance, a platform built on Curve Finance’s omnipool, was exploited, resulting in a theft of $3.26 million in Ether (ETH).

The DeFi space has faced numerous attacks and scams in recent months, with a staggering $204 million reportedly swindled in the second quarter of 2023 alone, according to a report by De.Fi, a Web3 portfolio app.

These incidents highlight the importance of robust security measures and continual efforts to fortify DeFi protocols against potential threats.

Other Stories:

Kyrgyzstan Expands Cryptocurrency Mining with Government Backing at Hydro Power Plant

French Data Protection Agency Investigates Worldcoin

Worldcoin’s Iris Scanning Project Raises Privacy and Sovereignty Concern

No information published in Crypto Intelligence News constitutes financial advice; crypto investments are high-risk and speculative in nature.