On July 30th, Curve Finance reported multiple attacks on some stablepool groups using the Vyper 0.2.15 programming language. The following day, on July 31st, reports emerged about vulnerabilities in deBridge and Ellipsis, resulting in a total loss of $26.76 million. The situation did not stop there, as the CRV/WETH pool also fell victim to an attack, resulting in the theft of over 7 million CRV tokens and 14 million USD worth of WETH.
Notably, the attacks occurred just before white-hat hackers initiated a campaign to rescue the affected liquidity pools by exploiting the reentrancy vulnerability on July 30th.
Immediately after news of the hacks spread, the largest crypto exchange in South Korea, Upbit, temporarily suspended CRV deposits and withdrawals to ensure the safety of its users.
However, the exact reasons for the chain of exploit incidents related to Curve’s liquidity pools are still unclear. Curve Finance is a decentralized trading platform optimized for stablecoin and other asset transactions. The Factory pool model allows projects or individuals to launch their own liquidity pools through Curve’s infrastructure.
The hack has caused panic in the DeFi ecosystem and triggered a wave of transactions from investors. Particularly, CRV’s liquidity has significantly decreased in recent months, leading to volatile price fluctuations for the token.
Following the hacking news, the price of CRV dropped by more than 17%. Currently, CRV is trading around $0.62 USD, experiencing a 15% decrease in the past 24 hours, with a Total Locked Value (TLV) of $4.3 billion USD. Investors and users should exercise caution and stay well-informed before engaging in transactions involving CRV and similar projects.