Major attack on the Curve Protocol (CRV): $11.4M stolen

A major attack has just hit the Curve protocol, resulting in the theft of nearly $11.4 million from the pETH-ETH liquidity pool. The situation remains volatile, with several other pools also affected by this lockdown flaw.

A major hack shakes up the Curve protocol

The Curve (CRV) protocol was recently the target of a major attack, leading to the hijacking of $11.4 million from the pETH-ETH pool. According to data from Circle, the hacker used the address 0x6Ec21d1868743a44318c3C259a6d4953F9978538 to steal 6,106 wETH. This attack raised concerns about the security of pools on the network.

But that’s not all ! It seems that this flaw has also affected other stable pools. A tweet recent published by Curve indicates that several pools using Vyper 0.2.15, including alETH, msETH, and pETH, were exploited due to a lockout flaw.

“A number of stable pools (alETH/msETH/pETH) using Vyper 0.2.15 were mined due to a malfunction of the reentrancy lock. We are assessing the situation and will update the community as things develop. The other pools are safe.”

Faced with this critical situation, Curve reacted quickly on its social networks. The platform acknowledged that the malfunctioning reentrancy lock allowed the mining of several stable pools, including alETH, msETH, and pETH. Nonetheless, Curve wanted to reassure the community that other pools are safe.

“A number of stable pools (alETH/msETH/pETH) using Vyper 0.2.15 were mined due to a malfunction of the reentrancy lock. We are assessing the situation and will update the community as things develop. The other pools are safe.”

DeFi security: A major issue at the heart of concerns

At this time, the details provided by Curve remain limited. The Curve development teams are currently assessing the situation and promise to keep the community informed as events unfold.

In the face of this major event, the crypto community is eagerly awaiting further updates from Curve regarding the ongoing investigation into the pETH-ETH pool.

This situation raises crucial questions about the security and resilience of decentralized finance (DEFI) protocols, especially since such attacks are unfortunately common in this sector. It should be noted that this is not Curve’s first attack. He was the target of attacks in August 2022. Case to follow carefully.

Receive a digest of news in the world of cryptocurrencies by subscribing to our new service of newsletter daily and weekly so you don’t miss any of the essential Tremplin.io!

Similar Posts