- 1 Curve Finance, a globally known decentralized exchange, was exploited on July 30, 2023.
- 2 PeckShield, a blockchain security firm, confirmed the amount was $50 Million.
Curve Finance, a globally popular decentralized exchange (DEX), announced on July 31st’ morning that despite Ethereum pools, an Arbitrum-based liquidity pool may have also been “potentially affected’ over the weekend.
As per available data, Curve Finance faced an exploit on July 31 for over $24 Million. Moreover, PeckShield, a blockchain security firm, also confirmed the theft and revealed that the estimated amount wiped out was $50 Million.
The DEX informed in its Twitter post that three liquidity pools for tokens paired with Ethereum, Curve governance token CRV, and several ERC-20 issued with Metronome Synth, Alchemix, and JPEG’d because of the issue in Vyper compiler versions.
As a result of an issue in Vyper compiler in versions 0.2.15-0.3.0, following pools were hacked:
— Curve Finance (@CurveFinance) July 31, 2023
crv/eth
aleth/eth
mseth/eth
peth/eth
Another pool potentially affected is arbitrum’s tricrypto. Auditors and Vyper devs could not find a profitable exploit, but please exit that one
A lead developer of the victim firm wrote on Twitter that hackers had spent at least a week and a maximum of a month to figure out the loophole. A recent tweet from the Curve community notes that another knock-on effect on the Vyper-based liquidity pool is its deployment on the Arbitrum layer- 2 solutions.
The worst thing about the Curve hack is this is not something a typical researcher would have looked for, they dug *deep* in our release history to find an exploitable issue for a large protocol with many millions at stake
— señor doggo 🏴🏴☠️ in his wartime ceo era (@fubuloubu) July 31, 2023
This took a significant amount of time to identify
According to the community Tricrypto, made of three tokens: USDC, wBTC, and ETH, was potentially affected. In their tweets, security experts like auditors and Vyper developers have discovered that the hack isn’t profitable.
Following the hack, Upbit temporarily suspended CRV token withdrawals and deposits. The instant decision to suspend the withdrawals is a precautionary measure to avoid any incident.
Crypto Hack in 2023
Since the beginning of 2023, crypto hacks have significantly increased, despite Curve Finance Poly Network being the most recent victim of hackers. On July 3, 2023, TheCoinRepublic reported that the Poly Network hack had affected around 57 crypto assets on ten blockchains, including Ethereum, Avalanche, Heco, OKX and Metis, and numerous others.
Although the amount that was wiped out in the hack has not been specified, as per PeckShield’s statement, hackers transferred around $5 Million worth of crypto tokens.
The Poly Network community revealed on the morning of June 3 that the team has already initiated communication with centralized crypto exchanges and law enforcement departments and that it has sought their assistance.
On June 17, a San-Francisco based startup announced an alert for users while addressing the issue. All users comprising the $600K will revoke the regretted amount.
In a tweet, the firm also added that the Hashflow was not impacted and will remain fully operational. It will soon reveal the reason behind it.
Many crypto analysts and market watchers claim that bad actors mostly see scope in unethical hacking and believe that the best way to get rich is to commit fraud and scams.
Disclaimer
The views and opinions stated by the author, or any people named in this article, are for informational ideas only and do not establish financial, investment, or other advice. Investing in or trading crypto assets comes with a risk of financial loss.