Curve Finance Hack Update

Curve Finance has issued a post-hack safety report.
70% of stolen funds have been recovered.
$20 million in ETH is still unaccounted for.

After tens of millions were drained from liquidity pools in a 0-day exploit enabled by reentrancy call loops during a Vyper Compiler malfunction which left Curve Finance reeling, the swap protocol has set its sights on a stable recovery.

Quick post-hack update.

While 70% of funds affected by the hack last week are recovered, active investigation with regards to the rest is underway.

In the meantime, we are also working on measuring the respective shares of each affected user with the goal of proper distribution
— Curve Finance (@CurveFinance) August 11, 2023

Via @CurveFinance – X

Nearly three-quarters of the $60 million in stolen funds have been recovered, and an investigation remains active to regain the remaining amount. Curve Finance is currently working on measuring the holdings of each user impacted by the exploit and is exploring redistribution.

Four liquidity pools are still affected by the exploit, including ALETH, PETH, MSETH, and CRVETH. Additionally, the Arbitrum-TRICRYPTO liquidity pool was accessed, and a possible vulnerability was identified but was not exploited. Regardless, Curve has cautioned users to withdraw from this pool and avoid it temporarily.

Post-hack safety report:
– aleth, peth, mseth, crveth pools were exploited due to bug in vyper 0.2.15-0.3.0
– arbitrum-tricrypto pool can affected by the vulnerability but no possibility of exploit was identified (still, better leave that pool)
– All other pools on Curve are safe
— Curve Finance (@CurveFinance) August 11, 2023

Via @CurveFinance – X

Conclusion

While the hacker continues to allude authorities, the meticulous process of assessing and quantifying the holdings of each affected individual underscores Curve’s commitment to transparency and fairness.

Tags: Curve Finance