The community behind the decentralized finance protocol Curve Finance has decided to repay liquidity providers who suffered from a $61 million attack in July.
On-chain data confirms that 94% of token owners approved token payments exceeding $49.2 million on December 21 to cover losses of Curve (CRV), JPEG (JPEG), Alchemix (ALCX), and Metronome (MET) pools.
The calculation of losses includes the number of Ethereum and CRV tokens in the pools before the attack as well as the missed CRV emissions to be distributed to liquidity providers in recent months. According to Curve’s offer, the community fund will supply Curve DAO (CRV) tokens. The set amount also includes a deduction for the tokens recovered since the event.
In this offer, it is stated, “The total recoverable amount was calculated to be 5919.2226 ETH and 34.733.171,51 CRV to be recovered, with a total of 55.544.782,73 CRV to be distributed.”
The security incident occurred on July 30, and several DeFi protocols were subjected to stress tests in the following days due to concerns about the impact of the attack on the crypto ecosystem. In July, Curve Finance’s total locked value (TVL) was approximately $4 billion. The affected pools included alETH/ETH, pETH/ETH, msETH/ETH and CRV/ETH.
Hacker used Vyper (Curve Finance)
In Curve Finance’s proposal, it stated, “Even if funds stolen in each pool have been either fully or partially recovered, MEV bots left a deficit in all affected pools, and this improvement proposal aims to make affected LPs whole.”
The hacker exploited a security vulnerability in stable pools using some versions of the Vyper programming language, a popular choice for DeFi protocols because it’s designed for EVM. The bug made Vyper’s 0.2.15, 0.2.16 and 0.3.0 versions susceptible to reentrancy attacks.
Also, in the comment section, you can freely share your comments and opinions about the topic. Additionally, don’t forget to follow us on Telegram, YouTube, and Twitter for the latest news and updates.