White Hacker Returns $5.4M To Curve Finance Protocol After The Exploit

Key Points:

  • The MEV Bot deployer returned $5.4 million worth of ETH to Curve Finance voluntarily, helping to mitigate the damages caused by the exploit.
  • Curve Finance suffered a $52 million loss in an attack enabled by a reentrancy lock failure in certain versions of Vyper, an Ethereum contract programming language.
  • DeFi protocols, including Alchemix, are taking precautionary measures after the vulnerability was discovered.

In a recent incident, the decentralized finance (DeFi) protocol Curve Finance faced an attack that resulted in a loss of $52 million from its stablecoin pool alETH/msETH/pETH. The attack was attributed to a vulnerability found in certain versions of Vyper, an Ethereum Virtual Machine (EVM) contract programming language.

The exploit, caused by a failure of Vyper's reentrancy lock (reported as a "recursive lock" failure), affected versions 0.2.15, 0.2.16, and 0.3.0 of the language. Because of this critical vulnerability, various DeFi protocols have been subjected to a stress test, and security agencies are closely monitoring the situation.
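As a defensive check for the affected versions listed above, the following added example (not code from the article, Curve, or the Vyper project) scans Vyper sources for a compiler version pin and `@nonreentrant` usage. The sample contracts and file names are constructed, and it assumes the version is declared in a `# @version` or `# pragma version` comment.

```python
import re

# Compiler versions the article names as affected by the lock failure.
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

PRAGMA_RE = re.compile(r"^\s*#\s*(?:@version|pragma\s+version)\s+(\S+)", re.M)
LOCK_RE = re.compile(r"^\s*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.M)
EXACT_RE = re.compile(r"^=*v?(\d+\.\d+\.\d+)$")  # exact pin, e.g. 0.2.15 or ==0.2.15


def audit_source(name, source):
    """Classify one Vyper source by its compiler pin and @nonreentrant use."""
    pragma = PRAGMA_RE.search(source)
    spec = pragma.group(1) if pragma else None
    exact = EXACT_RE.match(spec) if spec else None
    locks = sorted(set(LOCK_RE.findall(source)))
    if not locks:
        status = "no-lock"   # nothing here depends on the compiler's lock
    elif exact is None:
        status = "review"    # unpinned or a range: check the compiler used in the build
    elif exact.group(1) in AFFECTED:
        status = "affected"  # relies on the lock and pins an affected compiler
    else:
        status = "ok"        # pinned to a version the article does not name
    return {"file": name, "version": spec, "locks": locks, "status": status}


def audit_all(sources):
    """Audit a mapping of file name -> source text, sorted by file name."""
    return [audit_source(name, text) for name, text in sorted(sources.items())]


# Constructed sample sources (hypothetical file names, not real pool code).
LOCKED_BODY = '\n@external\n@nonreentrant("lock")\ndef remove_liquidity(amount: uint256):\n    pass\n'
SAMPLES = {
    "pinned_affected.vy": "# @version 0.2.15\n" + LOCKED_BODY,
    "pinned_other.vy": "# @version 0.3.1\n" + LOCKED_BODY,
    "range_pin.vy": "# pragma version ^0.3.0\n" + LOCKED_BODY,
    "no_lock.vy": "# @version 0.3.0\n\n@external\ndef ping():\n    pass\n",
}

if __name__ == "__main__":
    for row in audit_all(SAMPLES):
        print(f"{row['status']:9} {row['file']:20} version={row['version']} locks={row['locks']}")
```

A source pragma only states intent; for deployed contracts, the compiler version recorded in the build or verification metadata is the authoritative value, which is why range pins are reported as `review`.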

During the attack, multiple liquidity pools on Curve Finance, including alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH, were targeted by the attackers. The malicious actors managed to drain these pools entirely using the reentrancy lock flaw. Curve Finance confirmed that all other pools remained unaffected and secure.

Prompt action was taken by Curve Finance following the attack. The early deployer of the “MEV Bot,” identified as c0ffeebabe.eth, voluntarily returned 2,879.54 ETH, valued at approximately $5.4 million, to the Curve Finance deployer. This gesture demonstrated an effort to mitigate the damages caused by the exploit.

The incident has prompted discussions within the DeFi community regarding the safety and security of smart contracts. Vyper’s official documentation was found to recommend the wrong version for installation, contributing to the vulnerability exploited by the attackers.

One of the affected projects, Alchemix, took swift action upon receiving a notice from Curve Finance about the attack on the alETH/ETH pool due to a Vyper error. Alchemix quickly initiated a process to remove AMO (Alchemix’s proprietary token) from the Curve pool through the AMO contract’s control mobility. It is essential to note that the Alchemix smart contract itself remained uncompromised, ensuring the safety of users’ funds.

However, the alETH/ETH Curve pool suffered a loss of approximately 5,000 ETH during the process of removing the remaining liquidity controlled by AMO. As a result, Alchemix advised its users to refrain from providing liquidity in the alETH/ETH Curve pool. While providing liquidity for alETH elsewhere may be technically safe, users must remain cautious, as attackers might exploit the liquidity for their benefit.

The incident highlights the significance of diligent security audits and the need for continuous monitoring and updates in the fast-evolving DeFi landscape. Developers and users are urged to be vigilant and take necessary precautions to safeguard against potential exploits in DeFi protocols.

In response to the incident, the developers behind Vyper have announced that the reentrancy locks of the affected versions, 0.2.15, 0.2.16, and 0.3.0, are now considered invalid. This action is aimed at preventing further incidents arising from the same vulnerability in other protocols that rely on Vyper for their smart contracts.

As Coincu reported, Aave accepted an urgent motion to deactivate CRV borrowing on Ethereum. The prohibition is intended to prevent traders from abusing Curve flaws and indulging in malicious shorting of borrowed CRV, which might result in repeated liquidations.

Harold
