#CurveFinance , the leading DeFi platform on Ethereum, has just suffered a massive attack within the past 24 hours.
➡️ According to the announcement from the project, a series of stablepool pools (alETH/msETH/pETH) using the Vyper 0.2.15 programming language have been subjected to a repeated attack.
➡️ “We are reviewing the situation. Other liquidity pools are safe,” Curve announced on Twitter.
➡️ The incident began on the evening of July 30, project JPED'd - an NFT loan project, announced that it had been attacked on the pETH-ETH liquidity pool, with a loss of up to 11.4 million USD. After that, the sETH-ETH team of the Metronome project was also withdrawn more than 1.6 million USD. After that, other projects like Alchemix, Debridge, Elippsis… also reported the same situation.
➡️ Currently, more than $42 million has been withdrawn from groups on Curve for the above reason, according to security firm BlockSec.
➡️ Curve Finance is an ultimate decentralized trading platform for trading stablecoins and other assets. Factory pool is a model that allows projects or individuals to launch their own liquidity pools through Curve's infrastructure.
➡️ Igor Igamberdiev, Head of Research at Wintermute, said that attackers deployed a reentracy attack against factory pools using a programming version of Vyper. Over $100 million in assets in factory pools are at risk because of bugs in the Vyper language. However, Vyper said only versions 0.2.15, 0.2.16 and 0.3.0 are at risk when reentracy prevention is not available.
➡️ To mitigate the impact, Mimaklas, a member of the project team, said all affected groups have been liquidated by security experts.
⚠️ After this news, the $CRV price has dropped more than 17% and is currently trading at $0.61.
