News Feed - 2023-08-05 05:08:00

Curve-Vyper exploit: The whole story so far

Ana Paula Pereira

Curve Finance pools were targeted by hackers in a reentrancy attack on July 30, sending shockwaves across the DeFi ecosystem. Cointelegraph compiled the week's events.

The decentralized finance (DeFi) ecosystem has experienced a challenging week after a seismic security incident led to over $61 million being stolen from Curve Finance’s pools, leaving several protocols facing broader contagion risks.


This attack exposed vulnerabilities across DeFi projects and sparked efforts to recover stolen funds over the past few days.


As the community navigates the aftermath of this exploit, Cointelegraph compiled the week’s events, presenting a timeline of what happened since the hack on July 30.

The hack: Curve Finance pools are exploited for over $61 million due to reentrancy vulnerability


Several stable pools on Curve Finance using the Vyper programming language were exploited on July 30, with losses reaching over $61 million (total losses were initially estimated at $47 million). The vulnerability was found in Vyper versions 0.2.15, 0.2.16 and 0.3.0.


Several DeFi projects were affected by the attack. Decentralized exchange (DEX) Ellipsis reported that a small number of stable pools with BNB (BNB) were exploited using an old Vyper compiler. Alchemix’s alETH-ETH also witnessed $13.6 million of outflows due to the attack, along with $11.4 million exploited on JPEGd’s pETH-ETH pool and $1.6 million from Metronome’s sETH-ETH pool. Curve Finance CEO Michael Egorov also confirmed that 32 million Curve DAO (CRV) tokens worth over $22 million had been drained from the swap pool.

Curve's Michael Egorov confirmed the theft of 32 million Curve DAO tokens on July 30. Source: Telegram/LobsterDAO


The BNB Smart Chain (BSC) was also a victim of copycat attacks due to the same vulnerability, with around $73,000 worth of cryptocurrencies on BSC across three exploits being stolen.


Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain, attempting to disrupt each other’s exploit attempts or efforts to recover funds.


Preliminary investigations found that some versions of the Vyper compiler did not correctly implement the reentrancy guard, which prevents multiple functions from being executed at the same time by locking a contract.

The impact: Vyper vulnerability exposes DeFi ecosystem to stress tests; CRV price plummets


The security incident exposed DeFi protocols to a stress test in the following days, raising concerns about the impact of the exploit on the crypto ecosystem — in particular, because the vulnerability could place all pools with Wrapped Ether (WETH) at risk of attack.


Vyper is a contract programming language designed for the Ethereum Virtual Machine. It is considered one of the most widely used Web3 programming languages, meaning the bug in three of its versions could threaten several other protocols.
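As an added illustration (a Python model, not Vyper, Curve or compiler code, and not from the original article), the sketch below shows what the reentrancy guard mentioned above is supposed to enforce and what a caller can observe when the lock is not shared across a contract's functions. The `ToyPool` class, its function names and the per-function-lock fault are assumptions chosen for the model; the article does not describe the compiler defect in this detail.

```python
# Added illustration: a toy model of a reentrancy guard, not Vyper or Curve code.
class Reentrancy(Exception):
    """Raised when a guarded function is entered while its lock is held."""

class ToyPool:
    def __init__(self, shared_lock):
        # shared_lock=True: every guarded function checks the same lock.
        # shared_lock=False: each function has its own lock (assumed fault).
        self.shared_lock = shared_lock
        self.held = set()      # lock slots currently taken
        self.balance = 100     # constructed sample state

    def _enter(self, name):
        slot = "lock" if self.shared_lock else "lock:" + name
        if slot in self.held:
            raise Reentrancy(name)
        self.held.add(slot)
        return slot

    def withdraw(self, amount, on_transfer):
        slot = self._enter("withdraw")
        try:
            on_transfer(self)        # external call before the state update
            self.balance -= amount
        finally:
            self.held.discard(slot)

    def quote(self):
        slot = self._enter("quote")
        try:
            return self.balance      # stale if read in the middle of withdraw
        finally:
            self.held.discard(slot)

def reenter_during_withdraw(shared_lock):
    """Return (what the callback observed, final balance)."""
    pool, seen = ToyPool(shared_lock), []
    def callback(p):
        try:
            seen.append(p.quote())
        except Reentrancy:
            seen.append("blocked")
    pool.withdraw(40, callback)
    return seen[0], pool.balance

if __name__ == "__main__":
    print(reenter_during_withdraw(True))   # guard shared across functions
    print(reenter_during_withdraw(False))  # guard split per function
```

With the shared lock the nested call is rejected; with separate locks it succeeds and reads a balance that the in-progress withdrawal has not yet updated.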


The exploit also led to one of the largest ever maximal extractable value (MEV) reward blocks of 584.05 Ether (ETH). According to Ethereum core developer “eric.eth,” the bot noticed an incoming hack in the mempool, reproduced the transaction and front-ran it. “To do so they pay the block producer a lot of ETH to be front of the line,” he explained. MEV bots can see pending liquidation transactions and front-run them to buy the liquidated assets first at a discount.

Today has produced some of the largest MEV reward blocks in Ethereum’s history.

Slot 6,992,273: 584 ETH

Slot 6,993,342: 345 ETH

Slot 6,992,050: 247 ETH

Slot 6,993,346: 51 ETH

— eric.eth (@econoar) July 30, 2023

Curve’s CEO scurries to pay collateralized loans


Threats elsewhere could also cause ripple effects across DeFi. Curve Finance founder Michael Egorov had around $100 million in loans backed by 47% of the circulating supply of the protocol’s native token, CRV.


However, the CRV price dropped nearly 30% following the hack, falling to a low of $0.48 amid fears that Egorov's collateralized loans would be liquidated.


To reduce his debt position, Egorov sold 39.25 million CRV tokens to several notable DeFi investors, including Justin Sun, Machi Big Brother and DWF Labs, for a total of $15.8 million. The buyers purchased CRV at $0.40 per token, a 25% discount to the market price at the time. In addition, Egorov made partial payments on two loans on Aave and Frax Finance.

CEX price feed prevents Curve price from collapsing


The CRV token price collapsed on the DeFi market due to the significant draining of several pools; however, it was eventually saved by the centralized exchange (CEX) price feed. The CRV price hit $0.086 on DEXs but traded at $0.60 on CEXs, preventing the token’s price from collapsing to zero. 


The ironic incident drew the attention of Binance CEO Changpeng Zhao, who chuckled at the fact that, in the end, it was a CEX price feed that saved the DeFi protocol.


Also reacting to an uncertain environment, Curve’s native stablecoin, crvUSD, briefly depegged on Aug. 3. The algorithmic stablecoin fell by as much as 0.35% before regaining its peg to the United States dollar. Recently launched, crvUSD uses a mechanism for maintaining its peg called the PegKeeper algorithm, which ensures that the crvUSD value is properly backed by collateral while balancing supply and demand.

DeFi community: Ethical hacker retrieves $5.4M for Curve Finance amid exploit


During the crisis, the DeFi community stood by Curve Finance. On July 31, a white hat hacker managed to retrieve around 2,879 Ether worth around $5.4 million from an exploiter and returned the ETH to Curve Finance. Hours later, another ethical hacker seized almost 3,000 ETH and returned the ETH to Curve’s deployer address.


Amid fears of liquidation surrounding Egorov’s loans, Jun Du, the co-founder of Huobi, purchased 10 million CRV for $4 million from Curve’s CEO. Additionally, Aave Chan founder Marc Zeller proposed the Aave Treasury buy $2 million worth of CRV tokens from the protocol. According to the proposal, the acquisition would signal that DeFi players support the health of the ecosystem.

What about crvUSD? How does its price react to shock events, does it depeg?

Events of recent days felt similar to SVB/USDC situation in some sense. However, crvUSD had just a 0.35% dip, and currently 0.1% from the peg pic.twitter.com/HaMfbkiFSR

— Curve Finance (@CurveFinance) August 3, 2023


Cross-chain lending platform Abracadabra Money also proposed increasing the interest rate on its outstanding loans to manage risks associated with its exposure to CRV.

The return of funds: Curve, Metronome and Alchemix offering 10% bug bounty; hacker takes it


On Aug. 3, Curve, Metronome and Alchemix jointly announced an initiative to recover stolen funds from the recent exploits of Curve’s pools. The protocols offered a 10% bounty of the seized funds as a reward, urging those responsible for the exploit to step forward and return the remaining 90%, which would bring the bounty close to $7 million.


The offer came with a guarantee of no further legal actions or involvement of law enforcement. “We want to resolve this in a civilized manner,” the protocols wrote to the hacker.


In less than 24 hours, on Aug. 4, the original attacker for the multimillion-dollar exploit apparently accepted the bounty offer and began returning funds stolen a few days earlier. The hacker sent back 4,820.55 Alchemix ETH (alETH), worth approximately $8,889,118, to the Alchemix Finance team, as well as 1 ETH, approximately $1,844, to the Curve Finance team.


The attacker also posted a message that seems to have been directed at the Alchemix and Curve teams, claiming to be willing to return the funds but only because the person didn’t want to “ruin” the projects involved and not because the attacker was caught.

Message sent by the exploiter to the protocols on Aug. 4. Source: Etherscan


A total of $8.9 million worth of cryptocurrency has been returned at the time of writing, equal to roughly 15% of the total amount drained.


Additional reporting by Amaka Nwaokocha, Ezra Reguerra, Martin Young, Nivesh Rustgi, Prashant Jha, Tom Blackstone, and Zhiyuan Sun.