According to the initial report, the exploit in Curve Finance’s Vyper programming language resulted in losses of $24 million dollars.
Curve DAO (CRV), the native cryptocurrency of one of the leading decentralized finance exchanges, has experienced a price collapse following a significant exploit on the DeFi platform caused by a programming language vulnerability.
Like other DeFi projects in the cryptocurrency space, Curve Finance relies on various decentralized applications constructed on blockchain technology. Curve tweeted on Sunday, July 30, that the vulnerability affected a specific variant of its Vyper programming language. It stated:
A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop. Other pools are safe.
PSA: Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks. The investigation is ongoing but any project relying on these versions should immediately reach out to us.
— Vyper (@vyperlang) July 30, 2023Curve Finance provided additional clarification by underscoring the primary cause of the issue, which was the combination of the affected Vyper version and the use of pure ETH. In addition, they specified that crvUSD contracts and associated pools are unaffected.
Curve Finance (CRV) Exploit
The Curve DAO (CRV) price experienced significant selling pressure following the disclosure of the exploit. At the time of publication, the CRV token is trading 16% lower at $0.6135 with a market valuation of $545 million.
BlockSec, a corporation that verifies the security of crypto software, estimates that the hack has resulted in losses exceeding $40 million. According to Tarun Chitra, CEO of Gauntlet, a company that evaluates crypto risks, the perpetrator stole approximately $20 million worth of CRV (a crypto token) and a version of Ether (another cryptocurrency).
After Uniswap, Curve Finance is the largest DeFi exchange. Aave, a decentralized lender, employs CRV as collateral. Additionally, Chitra from Gauntlet stated that they had not observed any indications of “bad loans” on the Aave platform due to the decline in CRV.
According to CoinGecko data, the value of Aave’s token has decreased by roughly 4% over the past 24 hours.
