Hackers stole around $62 million from Curve Finance on Sunday, causing a ripple effect throughout the crypto sector and raising questions about the strength of the decentralized finance ecosystem.
A handful of DeFi projects’ pools were also hacked, including PEGD’s pETH/ETH: $11 million; Metronome’s msETH/ETH: $3.4 million; Alchemix’s alETH/ETH: $22.6 million; and Curve DAO: around $24.7 million, according to LlamaRisk’s post-exploit assessment.
A bug found in older versions of the Vyper compiler contract programming language caused a failure in a security feature used by a handful of Curve liquidity pools. An admin in Curve Finance’s Telegram group declined to comment further to TechCrunch+ and referred us back to the post-exploit assessment.
By crypto standards, this wasn’t considered a “big” hack; Curve is a massive DEX, and this hack makes up about 4% of its TVL. A portion of the exploit was done by white hat hacker user c0ffeebabe.eth, who returned 2,879 ether, roughly $5.4 million, to Curve, according to on chain data.
But this exploit isn’t the only problem Curve — and the broader crypto space — is facing.