Curve Finance Resurgence: 70% Of Stolen Funds Recovered, Redemption On The Horizon

Curve Finance (CRV), a leading decentralized finance (DeFi) protocol, announced significant progress in its recovery efforts following a recent hack that resulted in losing $73.5 million across several projects within its factory pools. 

The attack on July 30 exploited a critical security flaw known as a “reentrancy vulnerability,” allowing malicious actors to drain funds from Curve’s smart contracts.

Curve Finance Commits To Restitution Process For Hacked Funds

In a significant effort, Curve Finance has successfully retrieved 70% of the funds affected by the hack. While this achievement marks an important milestone, an active investigation is underway to recover the remaining balance and hold the perpetrators accountable.

Understanding the gravity of the situation, Curve Finance has also taken proactive measures to ensure a fair and transparent distribution of the recovered funds to affected users.

The protocol is diligently working to measure the respective shares of each impacted account, aiming to facilitate an equitable restitution process that prioritizes user protection and trust restoration.

Curve Finance’s recovery efforts are further bolstered by their recent announcement of a $1.85 million bounty. This generous reward will be granted to anyone who can provide accurate information leading to the identification and apprehension of the attackers holding the remaining funds. 

By offering this substantial bounty, Curve Finance actively encourages community participation and collaboration to expedite the investigation and bring the perpetrators to justice.

Curve’s Post-Hack Safety Report

Following a thorough investigation, Curve Finance discovered that the exploit primarily targeted the aleth, peth, mseth, and crveth pools. 

The vulnerability stemmed from a bug within the vyper 0.2.15-0.3.0 version, which the protocol promptly identified as the root cause of the breach. By swiftly pinpointing the issue, Curve Finance was able to take immediate action to mitigate any further risk to its users.

It is important to note that all other pools on Curve Finance have been confirmed as safe and unaffected by the exploit, according to Curve’s update. This assurance gives users the confidence to continue utilizing the platform, knowing that their funds remain secure within these pools.

Alongside the technical remediation, Curve Finance collaborates with security experts, auditors, and the broader DeFi community to conduct thorough audits and implement additional security measures. 

This collaborative approach aims to reinforce the protocol’s resilience and prevent similar incidents in the future. Overall, Curve Finance’s recovery of 70% of the hacked funds, coupled with its ongoing investigation and bounty initiative, underlines the protocol’s commitment to user protection and the broader DeFi community. 

Curve

According to Token Terminal data, Curve Finance’s circulating market cap currently stands at $518.76 million, reflecting a decrease of 22.29% over the analyzed period. 

The fully diluted market cap, which represents the potential future market value of the project, is estimated at $1.97 billion.

Curve Finance’s total value locked (TVL), a crucial indicator of the protocol’s popularity and user engagement, currently amounts to $2.44 billion. Despite a decline of 35.19% over the analyzed period, Curve Finance maintains a substantial TVL, highlighting its significance within the DeFi landscape.

Featured image from iStock, chart from TradingView.com

Curve Finance Announces $1.85 Million Bounty For Stable Pool Exploiter

Curve Finance, a popular decentralized (DeFi) protocol, has recently announced that it was rewarding persons capable of identifying the exploiters behind the draining of over $61 million from the platform’s stable pools on July 30. 

The huge bounty offer is open to every person who can pinpoint the individual behind the incident in such a way that would lead to definitive legal repercussions. 

Curve Finance Extends Bounty Offer to the Public

Curve Finance announced the public offer using an Ethereum transaction’s input data, noting that the allowed time for the voluntary return of the funds connected to the Curve exploit was 08:00 UTC, and that time is now elapsed. 

Curve and other protocols that were affected by the attack had previously offered a 10% bug bounty to the hacker on August 3. Upon agreeing to the offer, the hacker returned part of the stolen assets to JPEGd and Alchemix but did not refund other affected pools. 

Since the time allowed has elapsed, Curve announced that any person capable of identifying the hacker would receive assets worth $1.85 million. This recent announcement was extended in scope to include members of the general public. 

According to Curve, while the deadline for the voluntary return of stolen funds had passed, should the hacker elect to return the stolen funds, the platform “…will not pursue this further.” 

While returning the parts of the funds earlier, the hacker left a message that was seemingly targeted at Curve and Alchemix teams, noting their intention to return the funds. However, the hacker stated that the decision to return such funds was not based on fear of being recognized but rather out of a desire not to “ruin” the projects associated with the exploit.

Curve Finance (CRV) price chart from Tradingview.com

The $61 Million Reentrancy Attack

Members of the Curve Finance community were left shocked after a hacker utilized vulnerable versions of the Vyper programming language to implement reentrancy attacks on stable pools within Curve Finance on the 31st of July. 

The attack drained Curve Finance of over $61 million, including $13.6 million from Alchemix’s aIETH-ETH, $11.4 million from JPEGd’s pETH-ETH, and $1.6 million from Metronome’s sETH-ETH. The event raised concerns about the likely fallout in the cryptocurrency ecosystem, especially with respect to the risks posed to every pool using Wrapped Ether (WETH).

The DeFi community rallied around to provide support to Curve Finance and on the 31st of July, a white hat hacker was able to successfully recover from the exploiter about 2,879 Ether worth about $5.4 million, which was later returned to Curve Finance. Another ethical hacker also recovered about 3,000 ETH and refunded it to Curve Finance’s deployer address. 

Curve DAO (CRV) Price Recovery Post-Exploit: What Would Be A Realistic Scenario?

Curve DAO (CRV) has established itself as a prominent DeFi platform, renowned for providing ample liquidity, particularly for stablecoins. However, an unfortunate security breach occurred over the weekend, causing a significant decrease in both the total funds entrusted to Curve and the value of its native token, CRV, which serves as a means of transaction within the protocol. 

According to a report from Bloomberg, this decline in CRV’s price has put the substantial sum of over $100 million in loans at risk of being liquidated, posing a serious challenge for Curve Finance’s founder, Michael Egorov.

As news of the potential liquidation of the Curve Founder’s assets spread, the sentiment among investors turned increasingly fearful, resulting in a notable impact on the CRV market’s price action in recent days. Many are now questioning whether there is any hope for a recovery.

CRV Price Analysis: Mixed Trends Prompt Speculation On Sentiment

According to CoinGecko, the price of CRV currently stands at $0.563, reflecting a decrease of -2.40% in the last 24 hours. Additionally, over the past seven days, CRV has experienced a significant decline of 22.1%.

Despite the recent uptick, a bearish sentiment overshadows the CRV token’s prospects. Notably, a fundamental support level lies at the $0.5 mark, which underwent testing in November and December 2022.

Furthermore, a potential positive price response might be witnessed at the $0.32 support level from October and November 2020.

Unveiling Potential Shifts In Sentiment

An intriguing observation comes from the CRV price report, highlighting a sudden spike in previously dormant Open Interest (OI) charts within the past 48 hours. This occurrence coincided with a period of losses for the Curve DAO token on the chart.

A noteworthy development emerged during the recent rebound from $0.5 as the OI continued its ascent. This phenomenon raises the question: could this point to a direction toward bullish sentiment?

As the CRV token navigates these mixed trends, market participants contemplate the interplay between short-term gains, historical support levels, and the evolving Open Interest dynamics. The complex mosaic of these factors will likely shape the sentiment and direction of CRV’s journey in the days to come.

Egorov Responds To Contagion Concerns Amidst CRV Incident

Meanwhile, Egorov talked to Bloomberg in the same report, shedding light on his strategic approach to mitigate the impact of the ongoing liquidation threat. He shared his focus on diminishing the sizes of his loans as a precautionary measure.

Speaking about the potential contagion effects of the situation, Egorov conveyed his perspective in an email to the publication: 

“I cannot comment much about contagion effects apart from saying that we, and I personally, work on minimizing or eliminating the impact,” he wrote. “In any case, I think we and all DeFi will come out stronger surviving this event.”

(This site’s content should not be construed as investment advice. Investing involves risk. When you invest, your capital is subject to risk).

Featured image from Bankless Times