Curve Finance Hackers Exploit Vyper Vulnerabilities, Could State-Sponsored Hackers Be Involved?
07/31/2023 18:22
Curve Finance was hit by an advanced hack exploiting Vyper compiler vulnerabilities, and community suspects state-sponsored hackers involved.
Hackers were able to target Curve Finance, a prominent decentralized exchange, by taking advantage of flaws in the release history of the Vyper compiler. And there are speculations that it is a carefully thought-out operation. The crypto community has expressed concern about these attacks, and there have been rumors that state-sponsored hackers may have been involved.
The exploit targeted versions 0.2.15 to 0.3.0 of the Vyper compiler. According to Vyper contributor @fubuloubu, this sophisticated attack likely took weeks, if not months, to prepare. The hackers meticulously trawled through Vyper’s past releases, pinpointing specific vulnerabilities to exploit – an uncommon tactic hinting at the high level of expertise and resources behind the operation.
The impacted pools include crv/eth, aleth/eth, mseth/eth, and peth/eth. The tri-crypto pool on Arbitrum might also be affected. While auditors and Vyper developers have not identified a profitable exploit in this pool, users are advised to exit as a precaution.
Vyper’s code base, being smaller and less frequently updated than most, has generally been perceived as more secure and easier to audit. However, this incident highlights the challenges even in scrutinized and relatively stable compilers.
The attack underscores a wider issue in the crypto community – the lack of incentivization for uncovering bugs in past software releases. Addressing this requires a collective effort to solve what @fubuloubu refers to as “public goods issues”.
Recommended Articles
Also Read: Nigerian SEC Calls Binance Operations Illegal in the Country
Curve Finance TVL And Token Price Down
The CRV token is also down by more than 12% in 24 hours and is trading at $0.64. Its market cap is also down by 12% in a day, at the time of writing this article. According to DeFiLlama statistics, the total value of assets held on the decentralized finance protocol Curve Finance (CRV) decreased by almost 50% in the past day to $1.731 billion from $3.26 billion reported on July 30.
The exodus can be ascribed to a protocol exploit, which exacerbated community members’ worries about liquidation and bad debt and caused them to withdraw their money from the cryptocurrency project right once.
Also Read: Top Whales Accumulating Stablecoins, Is A Major Correction In Bitcoin Price Ahead?
CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.