The SEC warns of possible risks for users of Curve and DeFi platforms in general.
In September 2022, an unknown hacker stole about $160 million from the cryptocurrency market maker Wintermute and became the largest liquidity provider in Curve Finance, deployed on the Ethereum blockchain.
The stolen funds represent 28% of the total amount placed in the Curve 3pool liquidity pool. Despite this, the creators of the protocol cannot control who uses the platform or provides liquidity in the pools, since the code is immutable.
Curve is the largest decentralized crypto exchange (DEX) on Ethereum, with a total value locked (TVL) of about $4.5 billion. The platform allows users to trade digital assets without intermediaries by trading tokens through liquidity pools, and liquidity providers are charged a commission every time someone -something uses a pool to exchange tokens.
In April 2023, the SEC cited Curve as an example of a DeFi protocol in which the responsibility for the system cannot be placed on smart contract creators, and suggested that the code of the protocol could be changed to comply with the requirements, and if this does not happen, then protocol must be closed.
The Curve Finance team noted that even the protocol's administrators cannot change the code that holds the funds, and that it is impossible to close the protocol without shutting down the Ethereum blockchain completely.
The situation with the hacking of the Wintermute crypto service and the subsequent use of the stolen funds in Curve Finance attracted the attention of experts and regulators. They raised concerns about the security of decentralized finance platforms and the potential for stolen funds to be used as liquidity in pools.
In addition, questions have arisen regarding how secure the code of the Curve protocol and other decentralized financial platforms are. The SEC stated that responsibility for the system cannot be placed on the creators of the smart contract, however, the ability to change the code can be critical to ensure user safety and prevent abuse.
The Wintermute incident highlighted the need to improve the security of decentralized finance platforms, as well as the introduction of new control and regulation mechanisms in this area.
However, many in the crypto enthusiast community continue to believe in decentralization and the possibility of creating secure and transparent financial systems on the blockchain.