Trusted

DeFi Ecosystem Suffers Fallout From $50M Curve Finance Exploit

2 mins
Updated by Kyle Baird
Join our Trading Community on Telegram

In Brief

  • The DeFi ecosystem was rocked as Curve Finance was exploited for over $50M in a reentrancy attack, impacting several protocols.
  • The exploit resulted in a $2.3B drop in Total Value Locked (TVL) across the DeFi ecosystem, with Curve Finance seeing a 44% TVL drop.
  • Despite a brutal CRV selloff, hackers still possess proceeds; failure of recovery could have serious implications for lending protocols.
  • promo

The decentralized finance (DeFi) ecosystem has been severely shaken by the exploitation of the Curve Finance stablecoin lending platform. Various impacted protocols have experienced a tanking in total value locked, and the fallout is impacting areas far and wide.

A reentrancy attack caused an exploit on Curve Finance for upwards of $50 million on July 30. The exploit was across several stable pools running older versions of the Vyper smart contract programming language

Curve Finance Exploit Causes DeFi Fallout

Curve Finance alerted its users that a number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 “have been exploited as a result of a malfunctioning reentrancy lock.” It added that its crvUSD stablecoin pools were not affected. 

According to the Vyper official documentation, the recommended install is actually the faulty version. A bug in the smart contract language layer affects almost all protocols using Vyper.

Malicious actors are using reentrancy attacks to repeatedly re-enter a contract, resulting in unauthorized actions or fund theft. 

On July 31, blockchain security and auditing firm PeckShield reported that losses so far amounted to $52 million. Moreover, in addition to Curve, several protocols were impacted, including Alchemix, JPEG’d, Metronome, deBridge, and Ellipsis.

Aave Ethereum v2 version had also disabled its CRV borrowing function amid the panic. There is currently a $100 million CRV debt from protocol founder Michael Egorov teetering on liquidation. If CRV prices continue to rise and reach the liquidation threshold, the protocols will have to liquidate the CRV positions.

Find out How To Choose a Cryptocurrency Lending Platform

Some estimates have put the losses as high as $70 million. However, some of these funds are in the custody of whitehats and MEV bots and are potentially recoverable.

One such white hat with the address ‘c0ffeebabe.eth’ has already returned 2,879 ETH worth around $5.4 million to the Curve deployer address.

Total Value Locked Tanking

TVL across the entire DeFi ecosystem has tanked $2.3 billion since the exploit. As a result, ecosystem value locked is currently at $41.5 billion and still falling. 

The majority of this decline is from Curve Finance which has seen a TVL drop of 44% to $1.8 billion at the time of writing. 

CRV Price Chart in USD 1 week. Source: BeInCrypto 
CRV Price Chart in USD 1 week. Source: BeInCrypto 

CRV prices are also in trouble, with a 16% slump on the day to trade at $0.623. Furthermore, CRV has lost 23% over the past fortnight and remains down a whopping 96% from its all-time high. 

Despite the brutal CRV selloff, the hackers still have the proceeds, reported bankless. “Failure of recovery will result in the sale of CRV, which could have serious implications for lending protocols,” it added. 

Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

profile.jpg
Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...
READ FULL BIO
Sponsored
Sponsored