A cyberattack on the Curve Finance exchange affected a large number of assets and pools.
Curve Finance, a popular decentralised exchange (DEX), has been hacked, affecting several Ethereum pools and an Arbitrum-based liquidity pool. The incident resulted in a $52 million theft.
DEX Curve Finance is a platform where Ethereum assets can be exchanged for Staked Ethereum or USDT Tether for USDC Circle. The tool gives traders the opportunity to profit from price differences between assets.
Three liquidity pools, including tokens paired with Ethereum (ETH) and the Curve (CRV) governance token, have been breached.
A vulnerability in older versions of the Vyper compiler for writing smart contracts on the Ethereum blockchain also compromised several ERC-20 tokens issued by Alchemix (alETH), Metronome Synth (smETH), and JPEG'd (pETH).
As the situation progressed, it became clear that there was a potential threat to the Arbitrum liquidity pool. Curve Finance has warned that the Tricrypto pool, which includes USDC, wBTC, and ETH, may also be affected. Although security experts did not identify any Tricrypto attacks, they advised liquidity providers to leave the pool.
In addition to Curve Finance, another DEX powered by BNB Chain, Ellipsis, was hit by the cyber attack. At the same time as Curve Finance, Ellipsis representatives reported on the operation of the pools.
Following the incidents, the DeFi community demanded that smart contracts be audited and updated on a regular basis, emphasising the need for increased security measures. While the investigation is ongoing, the DeFi community is keeping a close eye on the situation in order to determine the full extent of the damage and prevent similar incidents in the future.