A vulnerability has been discovered in the widely used decentralized finance (DeFi) protocol, Curve Finance. This exploit has led to the draining of funds from several of the protocol’s liquidity pools, putting approximately $100 million at risk. The team at Curve Finance acknowledged the issue in a tweet, stating that certain pools utilizing version 0.2.15 of the Vyper programming language had been compromised due to a malfunctioning reentrancy lock.
The team is actively assessing the situation and will provide updates as they become available. Additionally, they have published a list of the affected pools in a subsequent tweet and have advised users to withdraw all funds from the Arbitrum Tricrypto pool, which holds USDT, WBTC, and ETH tokens. Presently, the mentioned Curve pools contain up to $100 million worth of cryptocurrency, posing a significant risk to the protocol’s reputation.
Curve Finance is a decentralized exchange (DEX) designed for stablecoins that utilizes the automated market maker (AMM) model to manage liquidity. It has long been regarded as one of the most reliable projects in the crypto space. However, following these recent events, the native CRV token associated with Curve Finance has experienced a sharp decline in value. Over the past 24 hours, the token has decreased by 12%, and over the past 7 days, it has plummeted by more than 15%. In the last year alone, the CRV token has lost over half of its value, while other major cryptocurrencies such as Bitcoin (BTC) and Ether (ETH) have seen price increases.