Curve Finance vows to reimburse users after $62M hack

Blockchain

Curve Finance, a decentralized finance (DeFi) platform for lending stablecoins, has officially stated its intention to reimburse users who were impacted by the recent breach resulting in a $62 million loss from the system. 

According to a post by Curve Finance, ongoing investigations are yielding progress, with approximately 79% of the funds successfully recuperated. The platform further emphasizes its current priority, which revolves around assessing the proportional portions of each impacted user.

This evaluation aims to ensure an equitable distribution of resources. The incident, which occurred on July 30, involved malicious actors exploiting vulnerabilities within the release history of Curve Finance’s Vyper compiler.

The individual behind the hack directed their attention specifically toward versions 0.2.15 to 0.3.0 of the Vyper compiler. Evidently, the hacker displayed an understanding of the precise weaknesses within the historical iterations of Vyper. The identification of these vulnerabilities would have demanded a significant degree of skill and substantial resources, as highlighted by experts in the field.

Notably, there are speculations that the undertaking was meticulously planned prior to its enactment. A contributor to Vyper is resolute in their belief that the scheme likely required hackers several weeks, if not months, to formulate. Among the pools that experienced ramifications are CRV/ETH, alETH/ETH, msETH/ETH and pETH/ETH. Furthermore, there is a growing concern that the tri-crypto pool on Arbitrum might also have been subject to this impact.

Related: Aave DAO opens voting on proposals to reduce CRV exposure

Regrettably, the assault reverberated across the entirety of the DeFi landscape. A comprehensive examination of the breach underscored a notable issue within the budding cryptocurrency sector; the absence of proper incentives to identify vulnerabilities in previous software iterations.

An incentive of 10% as a bounty was extended to the individual responsible for the breach, and upon acceptance of the proposition, the perpetrator instigated the procedure to restore the funds a few days later. This course of action was corroborated by Etherscan data, which validated that the individual behind the attack conducted three distinct transactions to the Alchemix Finance developer wallet. The cumulative value of these transfers amounted to 4,821 Ethereum (ETH), equivalent to $8,891,578 at the given time. As of now, the restitution process remains incomplete.

Magazine: Should crypto projects ever negotiate with hackers? Probably

Articles You May Like

Dollar Awaits Fed Clarity on Easing, Sterling Shrugs Strong Inflation Data
Gold Price Today: Yellow metal prices tumble by Rs 700/10 gm after 25 bps US Fed rate cut, silver down by Rs 2,100/kg
Sterling and Yen Underperform After BoE and BoJ
Key Fed inflation measure shows 2.4% rate in November, lower than expected
Gold Price Today: Yellow metal prices rise by Rs 900/10 gm in 2 days, silver up by Rs 1,750/kg

Leave a Reply

Your email address will not be published. Required fields are marked *