A flaw in the widely-used decentralized finance (DeFi) protocol, Curve Finance, has led to a significant loss of funds from several of the protocol’s liquidity pools, with an estimated $100 million still under threat.
On Sunday, the Curve team shared via Twitter that several of their pools, which utilize version 0.2.15 of the Vyper programming language, fell victim to an exploit due to “a malfunctioning reentrancy lock.”
The team stated, “We are assessing the situation and will update the community as things develop.”
To keep users informed, the Curve team tweeted again on Monday, detailing the specific pools that had been compromised as a result of the said vulnerability.
The Curve team further cautioned users to evacuate all assets stored in the Arbitrum Tricrypto pool, which accommodates USDT, WBTC, and ETH tokens.
Presently, assets amounting to approximately $100 million in value are vulnerable within the identified Curve pools. This scenario poses a considerable threat to the overarching reputation of the protocol.
Historically, Curve Finance has been recognized as a prominent player in the crypto domain. Operating as a decentralized exchange (DEX) for stablecoins and employing the automated market maker (AMM) model for liquidity management, it has consistently been regarded as one of the most dependable and robust projects in the crypto sphere.
CRV token plummets
In light of these developments, the value of Curve Finance’s indigenous CRV token has witnessed a sharp decline.
As of the latest update on Monday, the CRV token experienced a drop of 12% in just the previous 24 hours. In the last week, its value has decreased by over 15%.
Assessing its performance over a broader timeframe, the CRV token has lost over 50% of its worth in the past year. This stands in stark contrast to prominent cryptocurrencies like Bitcoin (BTC) and Ether (ETH), which have observed price appreciations in the same duration.
The flaw identified in Curve mirrors the vulnerability that other DeFi platforms, namely Era Lend and Conic Finance, cited as the reason for their recent fund losses.
On a brighter note, in the wake of these security breaches, a white hat hacker has managed to retrieve and return a substantial amount of 2,870 ETH, equating to roughly $5.4 million, to Curve Finance.