tokenist.com
Curve Finance, one of the largest decentralized exchanges (DEXs), lost roughly $70 million in digital asset funds following a series of hacks on its liquidity pools on Sunday. However, some of the attacks were executed by white hat hackers, suggesting that the damage could be lower. The exchange’s native CRV token fell 12.6% after the hack.
Actual Exploit Damage Likely Closer to $50 Million
Leading decentralized exchange Curve Finance sustained a major exploit on July 30, with hackers draining over $70 million in digital asset funds after launching several cyber attacks. CRV, the exchange’s governance and rewards token, tumbled more than 12.6% on the news.
The hack affected several liquidity pools, starting with JPEG’d’s pETH-ETH, from which the perpetrators stole over $11 million. The remaining four attacks exploited Alchemix’s alETH-ETH pool, Pendle’s pETH-ETH pool, Metronome’s msETH-ETH pool, and CRV/ETH pool twice, siphoning a total of over $70 million.
However, some of the attacks were reportedly initiated by white hat hackers, alleging that the total amount exploited could amount to $50 million. Whitehat hackers refer to ethical computer security experts who identify and fix vulnerabilities in systems and networks, helping organizations improve their cybersecurity.
Curve team member “mimaklas” said on the exchange’s official Discord channel that “all affected pools have been drained or white hacked. All remaining pools are safe and unaffected by the bug.” Stablecoin swap markets were also not affected by the attacks.
Potential Contagion Effects
The multi-million dollar exploit sent shockwaves throughout the decentralized finance (DeFi) space, given that Curve is the second-largest and the most significant DEX, with $3 billion in liquidity.
The platform has become integral to DeFi infrastructure, primarily because it provides efficient exchange among stablecoins through its specialized automated market maker (AMM). Among other things, Curve offers low-cost swaps between stablecoin assets, thus enhancing liquidity provision and reducing slippage for DeFi users. This is crucial for stablecoin-focused DeFi applications and yield farming strategies.
For that reason, many in the DeFi community are worried about potential contagion effects from the hack. Although there are no confirmed knock-on effects, one particular asset that could suffer from the attacks is Curve Finance founder Michael Egorov’s $60 million Aave V2 loan. The loan is excessively backed with CRV tokens, which would make it difficult for the protocol to liquidate and potentially lead to bad debt.
In your opinion, what was the primary target of these attacks on Curve? Let us know in the comments below.