Curve DAO Tokens Suffer Millions In Hack Ahead Of White Hat Rescue Bid

Curve DAO faced a significant setback as millions of CRV tokens were pilfered just moments before a white hat rescue operation aimed at securing the funds, as revealed by blockchain data and Curve contributor Banteg.

According to a report, approximately 7 million CRV tokens and $14 million worth of wrapped ether (WETH) were lost during the exploit. The breach occurred within the CRV/ETH pool on Curve Finance, a prominent decentralized exchange (DEX) renowned for its streamlined stablecoin trading capabilities. 

The platform features a diverse array of pools for various tokens, primarily focusing on stablecoins while accommodating other digital assets.

Curve DAO Faces Vulnerability Impacting Multiple Pools

Curve DAO has been struck by a critical vulnerability that has repercussions across various pools, stemming from a bug found in earlier versions of the Vyper programming language. 

“crv/eth pool drained minutes before a white hack operation,” Banteg wrote on Twitter, shedding light on the unfortunate incident.

The Curve DAO situation has drawn security analysts’ attention, with BlockSec revealing that the renowned cryptocurrency exchange, Binance, funded the wallet employed in the attack. This revelation has raised concerns about the potential risks lurking in the DeFi ecosystem.

Vyper, in response to the issue, has identified the specific versions prone to the malfunctioning reentrancy locks—0.2.15, 0.2.16, and 0.3.0. Projects relying on these vulnerable versions have been urged to contact Vyper for further assistance urgently.

Curve DAO Breach: Unveiling The Flaw

As security firm Ancilia probes deeper into the situation, the full scope of the vulnerability comes to light. According to their analysis, many contracts were exposed to potential risks.

Specifically, 136 contracts relied on Vyper 0.2.15 with reentrant protection, 98 contracts were built using Vyper 0.2.16, and 226 contracts employed Vyper 0.3.0.

As the investigation progresses, the root cause of the vulnerability has been unveiled, shedding light on the extent of the risk. Specific versions of the Vyper compiler were found to need proper implementation of the reentrancy guard. 

This critical oversight allows for the simultaneous execution of multiple functions, bypassing the intended locking mechanism in affected contracts. As a result, malicious actors could unleash reentrancy attacks capable of draining all funds from vulnerable contracts.

Meanwhile, Curve DAO (CRV) price is in red in all timeframes, losing nearly 13% in the last 24 hours. In the last week, the token has shed 14% of its value, figures from crypto market tracker Coingecko shows.

JuiceStorm TV

Trading The UK, IE, US And AU Betfair Horse Racing Markets 24/7

The Betfair selections we are trading above are UK time. Only filled trades or bets appear on JuiceStorm TV.

Unsure how to get involved? Take a look here.

In 2021 TradeHost traded 7,937 Betfair UK, IE, US & AU horse racing and greyhound markets.

2022 saw TradeHost become even more profitable with 22,698 Betfair markets traded.

2023 less markets were traded – 17,459 – but a with a similar profit to 2022.

All trades and bets were streamed live on JuiceStorm TV which was was watched by 124,209 traders in 2022.

All results for the 48,094 Betfair markets traded are here and the charts are here.

Top 100 Comments on JuiceStorm.com

Racing Traders has over 20,000 registered members and more join every day. Find out why with a free trial.

BetTrader from RacingTraders.co.uk was the 1st application for Betfair & introduced the ladder UI. Invest £99 in yourself with a JuiceStorm EXCLUSIVE crypto only offer for a BetTrader lifetime license and no further payments.

Successful Betfair Traders have the simplest Betfair Trading systems. The difference is their selection process, experience and execution level. Get that difference for yourself with automated trading by TradeHost.

Our AI articles are NOT written by a real person and are provided for entertainment only. They may contain content which is inaccurate but we are hoping our AI bot, Rose, will become better over time. The AI category is the ONLY section of JuiceStorm.com that has zero human input.

Leave A Reply
Comment Rules

  • Please show respect to the opinions of others no matter how seemingly far-fetched.
  • Abusive, foul language, and/or divisive comments may be deleted without notice.
  • Each JuiceStorm member is allowed two daily comments. Use them wisely.
  • Comments must be limited to the number of words displayed above the comment box.
  • Use branded capitalisation, eg. JuiceStorm, TradeHost, BetTrader, etc or John will get upset.
  • You agree that any comment you make may be used for marketing purposes by JuiceStorm.com.
  • You need more than 20 words? Click here for the largest Telegram community for Betfair Traders.