The $47 million hack that attacked Curve Finance on July 30 has sent shockwaves through the decentralized finance (DeFi) community, according to their recent post. The attack destroyed the platform’s investors and initiatives by targeting multiple stable pools. So the question arises how safe are the stable pools in terms of security? Let’s see if some big-name projects got caught in the crossfire too.
It’s important to remember that a faulty reentrancy lock was the root cause of the vulnerability in widely used Vyper versions 0.2.15, 0.2.16, and 0.3.0. However, due to this crucial defect, intruders could take advantage of the fact that several operations were being processed simultaneously, which in turn caused a domino effect of financial calamity.
Surprisingly, the highly expert team of Ancilia conducted a thorough investigation, which exposed a staggering 136 contracts that utilized Vyper 0.2.15, while 98 contracts relied on Vyper 0.2.16. Moving on, 226 contracts employed Vyper 0.3.0, all of which were exposed to the devastating exploit. A smell of serious security breaches is brewing from the ecosystem. Isnt’?
High Profile Projects That Felt The Tremors
On the contrary, the effect of the attack has been complete chaos. Many prominent DeFi initiatives were severely damaged. The decentralized exchange Ellipsis has recorded steady pool losses with BNB. Meanwhile, a massive $13.6 million left Alchemix’s alETH-ETH pool. The pETH-ETH pool of JPEGd was also hit hard, losing $11.4 million; the sETH-ETH pool of Metronome was also hit hard, losing $1.6 million.
The sad news that 32 million CRV tokens worth over $22 million were stolen from the swap pool was also confirmed by Michael Egorov, CEO of Curve Finance. There have been reverberations throughout the DeFi ecosystem as a result of the effects, with investors fleeing in fear and a flurry of transactions occurring between pools.
While, Curve DAO’s utility token, CRV, was severely impacted by the exploit, dropping by more than 5%. The incident revealed CRV’s liquidity was weak, which may lead to significant price fluctuations.
As the dust settles, the DeFi sector is grappling with yet another significant security breach. This exploit adds to a series of incidents that have plagued the ecosystem. Just days before this massive attack, Curve Finance’s omnipool platform, Conic Finance, suffered a $3.26 million theft in Ether, sending shivers down the spines of DeFi enthusiasts.
It is imperative that further security measures be implemented immediately since the staggering amount of $204 million was lost to DeFi breaches and frauds in the second quarter of 2023 alone. As the potential for more assaults looms large over the DeFi space, it is imperative that projects keep their customers’ payments secure as a top priority.
DeFi world security: how do you feel? Do developers and projects take enough safety measures? Tell us your views.