Hackers were able to steal over $47 million from several stable pools at Curve Finance – an exchange liquidity pool on Ethereum
A few stable pools on Curve Finance using Vyper were exploited on July 30 – announced the liquidity pool team. According to Curve, exploit occurred as a result of a malfunctioning reentrancy lock related to a Vyper bug. The targeted pools included alETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH.
The pool developers warned all the projects using Vyper versions 0.2.15, 0.2.16 and 0.3.0 to be vigilant and reach out to Vyper for more details.
Besides Curve, a number of decentralized finance (DeFi) projects, such as Ellipsis, Alchemix, and Metronome, were affected by the attack.
Vyper is a contract-oriented programming language designed specifically for writing smart contracts on the Ethereum blockchain platform. By its technical characteristics, it is similar to Python, making it easy for developers to learn and use.
Liquidity pools on Ethereum are smart contracts with locked crypto tokens supplied by the platform’s users. They’re self-executing and don’t need intermediaries to function.
Curve, as a specific example of such pools, allows users (and select smart contracts) to trade between DAI and USDC using a certain algorithm designed specifically for stablecoins and earn fees. In addition, the liquidity pool is also supplied to the crypto lending platforms like Compound protocol or yearn.finance. There it generates even more income for liquidity providers.
Statistics show that DeFi projects were main attack target in 2022. Overall, DeFi projects faced 113 hacking attacks last year, with a total of $950 million in losses.