Curve Finance Hack: $61 Million Drained from Liquidity Pools
- Curve Finance experienced a hack attack on July 30, resulting in the loss of over $61 million from its Vyper-based liquidity pools.
- The attacker took advantage of a vulnerability in Curve’s Vyper 0.2.15 reentrancy lock.
- Curve Finance offered a bounty to the hacker, but they failed to meet the request.
- The protocol then extended a $1.85 million bounty to the public to encourage the recovery of the stolen funds.
- The attack affected four liquidity pools for Ethereum pairs, including CRV, Alchemix, Metronome Synth, and JPEG’d.
Hacker Returns Stolen Assets, But Not Completely
- The hacker returned stolen assets only to Alchemix and JPEG’d pools, without fully refunding other affected pools.
- The deadline for the exploiters to voluntarily return the funds passed on August 6.
- Curve Finance announced an extended bounty to the public, offering a reward of 10% of the unrecovered stolen funds, approximately $1.85 million.
- The bounty will be given to anyone who provides information leading to the hackers’ arrest and conviction.
- If the exploiter voluntarily returns the remaining funds in full, Curve Finance will drop the case.
Copycat Attack on BSC, Hackers Steal $73,000 in Crypto
- Following Curve Finance’s exploit, the Binance Smart Chain (BSC) also fell victim to a similar attack due to a Vyper programming language vulnerability.
- Hackers stole approximately $73,000 worth of crypto assets on the BSC chain.
Hackers and White Hat Hackers Clash in Recovery Efforts
- White hat hacker “coffebabe.eth” hijacked some funds for safekeeping and requested the affected protocols to contact them for retrieval.
- White hat and black hat hackers have been clashing in their attempts to recover or move the funds.
By
By
By
By
By