Earlier this week on Sunday, July 30, Ethereum-based second-largest decentralized exchange Curve Finance faced a major exploit with hackers exploiting a bug in its programming language Vyper.
Following a recent hack on the platform, Curve's CRV coin experienced a significant drop of approximately 25% over the course of three days. Michael Egorov, the founder of Curve, has borrowed over $100 million using CRV as collateral for various crypto lending projects.
The concern is that further declines in CRV value could lead to losses and potentially trigger forced liquidations of the loan positions. If the liquidation levels are hit, it could lead to a domino effect in the broader decentralized finance (DeFi) market.
However, Egorov is confident that the DeFi industry will survive this incident. “We, and I personally, work on minimizing or eliminating the impact,” he wrote in an email. The curve founder also added that he is also planning to reduce his loans.
According to data from DeFi portfolio tracker DeBank, Egorov obtained a $63 million loan in the Tether stablecoin through the DeFi platform Aave. The loan is backed by over 300 million CRV tokens, which are currently valued at approximately $168 million. Ever since the hack on Sunday, July 30, the amount of crypto using the Curve Finance service, has dropped to $1.9 billion from $3.6 billion.
DefiLlama warns that a significant portion of the collateral is at risk of liquidation if the CRV token falls to 37.5 US cents. Meanwhile, Aave's native token has experienced a 14% drop in the past three days. Curve Finance is a crucial liquidity provider in DeFi, particularly for stablecoins. A security firm estimated that the recent hack on the protocol resulted in hackers obtaining $47 million.
The hack targeted four main liquidity pools, exploiting a vulnerability in Vyper, a programming language used in DeFi applications. DeFi relies on blockchain-based smart contracts instead of traditional intermediaries for activities like trading and lending, making security breaches a persistent concern.
Curve provides financial services like stablecoin borrowing, trading, and lending through smart contracts, eliminating the need for intermediaries. Users can earn up to 4% annual yields by depositing funds in the platform's various pools.
Unfortunately, a "re-entrancy" bug in Vyper, the programming language supporting parts of Curve, poses a risk to over $100 million worth of cryptocurrency. Hackers have drained several stablecoin pools on the platform used for pricing and liquidity in various DeFi services.
The reentrancy bug allows attackers to exploit smart contracts by making repeated calls to a protocol, enabling them to steal assets. Only pools using specific versions of Vyper (0.2.15, 0.2.16, and 0.3.0) are currently at risk among Curve's 232 different pools.