Curve Finance suffers $24 million exploit due to reentrancy bug

Jul 31, 2023 | CryptoNews

Curve Finance, a popular decentralized finance (DeFi) protocol for stablecoin trading, has been hit by an exploit that resulted in over $24 million worth of losses.

The exploit occurred on July 30 and affected several stable pools on Curve Finance that used Vyper, a programming language for smart contracts. According to Vyper, some versions of its compiler had a reentrancy bug that allowed attackers to drain funds from the pools.

Reentrancy is a type of vulnerability that allows an attacker to call a function multiple times before the first execution is finished, leading to unexpected outcomes. In this case, the attacker was able to withdraw more funds than they deposited, bypassing the reentrancy guard implemented by Vyper.
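The pattern described above, as an added Python model (not Curve's or Vyper's code). The page does not say how the guard failed, so `guard_works=False` is an assumption that simply models a lock that never engages; `Pool`, `simulate` and all amounts are constructed for illustration.

```python
# Added illustration: a toy in-memory pool, not Curve or Vyper code.
class Reentered(Exception):
    """Raised when a working guard sees a nested call."""

class Pool:
    def __init__(self, guard_works, effects_first=False):
        self.guard_works = guard_works      # assumption: False = lock never engages
        self.effects_first = effects_first  # True = zero the balance before paying out
        self.balances, self.reserves, self._locked = {}, 0, False

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserves += amount

    def withdraw(self, who, on_receive):
        if self._locked:
            raise Reentered("nested withdraw rejected")
        self._locked = self.guard_works     # a broken guard leaves the lock unset
        try:
            amount = min(self.balances.get(who, 0), self.reserves)
            if self.effects_first:
                self.balances[who] = 0      # state updated before the external call
            self.reserves -= amount
            on_receive(amount)              # external call: control leaves the pool
            if not self.effects_first:
                self.balances[who] = 0      # too late: balance was stale during the call
            return amount
        finally:
            self._locked = False

def simulate(pool, others=90, own=10, max_depth=5):
    """Return (amount received by a re-entering caller, reserves left)."""
    pool.deposit("others", others)
    pool.deposit("caller", own)
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) < max_depth:
            try:
                pool.withdraw("caller", on_receive)  # re-enter before the first call ends
            except Reentered:
                pass                        # nested call reverted; outer call continues

    pool.withdraw("caller", on_receive)
    return sum(received), pool.reserves

if __name__ == "__main__":
    print("broken guard:       ", simulate(Pool(guard_works=False)))
    print("working guard:      ", simulate(Pool(guard_works=True)))
    print("effects before call:", simulate(Pool(guard_works=False, effects_first=True)))
```

The third case shows why updating state before the external call is worth keeping even when a guard is present: the pool stays solvent if the guard silently fails.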

The affected pools included alUSD, sUSD, pBTC, and renBTC. The attacker managed to steal $13.6 million from Alchemix’s alUSD pool, $11.4 million from JPEGd’s sUSD pool, and smaller amounts from the other pools.

Curve Finance confirmed the exploit on Twitter and advised users to avoid using the affected pools until further notice. The team also said that they were working with security experts and white hat hackers to recover the funds and prevent further attacks.

The exploit had a negative impact on the price of CRV, the native token of Curve Finance, which dropped by 17% on the day and was trading at $0.61 at the time of writing.

This is not the first time that Curve Finance has been exploited. In February, an attacker used a flash loan to manipulate the price of DAI and sUSD on Curve Finance and stole $2.5 million from bZx’s Fulcrum protocol.

The exploit also highlights the risks of using Vyper as a programming language for smart contracts. Vyper is a Python-like language that aims to be simple and secure, but has been criticized for being immature and poorly audited. In November 2020, Vyper was removed from the Solidity compiler due to security issues.

The exploit also raises questions about the regulation and security of DeFi protocols, which have been growing rapidly in popularity and value. According to DeFi Pulse, the total value locked in DeFi protocols has reached over $80 billion, making them attractive targets for hackers and scammers.
