Massive Hack on DeFi Protocol Curve Raises Concerns

According to one user, the perpetrator had been active on the Ethereum web3.py blockchain library and the Bancor open-source Defi protocol ecosystem for some time.

The recent Curve hack has caused widespread confusion in the community, not only because Curve is the most significant initiative in the DeFi system but also because of the incident’s size and scope.

Currently, the potential loss of assets is up to $100 million, and several affected initiatives, including Alchemix (ALCX), Ellipsis (EPX), etc.

Several Curve protocols utilizing the Vyper 0.2.15 programming language have been repeatedly assaulted, according to the report.

The incident began on July 30. The NFT loan initiative announced that it had been attacked on the pETH-ETH liquidity pool, with losses of up to $11.4 million.

The sETH-ETH team of the Metronome initiative was subsequently deprived of more than $1.6 million in funding.

Following this, additional industries, including Alchemix, Debridge, and Elippsis, reported the same issue.

According to the security company BlockSec, more than $42 million was withdrawn from Curve Groups for this reason.

According to @fubuloubu, a Vyper expert, Curve’s malware team has thoroughly investigated each version of Vyper to identify exploitable vulnerabilities.

This causes weeks or even months of preparation for the attack. Therefore, @fubuloubu suspects state-sponsored hackers may be implicated.

Historically, Lazarus Group, a notorious hacker group financed by the North Korean government, was responsible for the attack on Ronin Network that caused over $600 million in damages last year.