Curve Finance Hackers Exploit Vyper Vulnerabilities, Could State-Sponsored Hackers Be Involved?

Hackers were able to target Curve Finance, a prominent decentralized exchange, by taking advantage of flaws in the release history of the Vyper compiler. And there are speculations that it is a carefully thought-out operation. The crypto community has expressed concern about these attacks, and there have been rumors that state-sponsored hackers may have been involved.

Hackers Exploit Vyper Vulnerabilities

The exploit targeted versions 0.2.15 to 0.3.0 of the Vyper compiler. According to Vyper contributor @fubuloubu, this sophisticated attack likely took weeks, if not months, to prepare. The hackers meticulously trawled through Vyper’s past releases, pinpointing specific vulnerabilities to exploit – an uncommon tactic hinting at the high level of expertise and resources behind the operation.

The impacted pools include crv/eth, aleth/eth, mseth/eth, and peth/eth. The tri-crypto pool on Arbitrum might also be affected. While auditors and Vyper developers have not identified a profitable exploit in this pool, users are advised to exit as a precaution.

Vyper’s code base, being smaller and less frequently updated than most, has generally been perceived as more secure and easier to audit. However, this incident highlights the challenges even in scrutinized and relatively stable compilers.

The attack underscores a wider issue in the crypto community – the lack of incentivization for uncovering bugs in past software releases. Addressing this requires a collective effort to solve what @fubuloubu refers to as “public goods issues”.

Also Read: Nigerian SEC Calls Binance Operations Illegal in the Country

Curve Finance TVL And Token Price Down

The CRV token is also down by more than 12% in 24 hours and is trading at $0.64. Its market cap is also down by 12% in a day, at the time of writing this article. According to DeFiLlama statistics, the total value of assets held on the decentralized finance protocol Curve Finance (CRV) decreased by almost 50% in the past day to $1.731 billion from $3.26 billion reported on July 30.

The exodus can be ascribed to a protocol exploit, which exacerbated community members’ worries about liquidation and bad debt and caused them to withdraw their money from the cryptocurrency project right once.

Also Read: Top Whales Accumulating Stablecoins, Is A Major Correction In Bitcoin Price Ahead?