Curve Finance promises to compensate users following a $62 million security breach.

Curve Finance, a decentralized finance (DeFi) platform specializing in stablecoin lending, has officially announced its plan to compensate users affected by the recent breach that led to a $62 million loss from the system.

As stated in a post by Curve Finance, ongoing investigations are making headway, with around 79% of the funds successfully recovered. The platform also highlights its current focus on evaluating the proportional shares of each affected user.

This assessment aims to facilitate a fair allocation of resources. The incident, which took place on July 30, involved malicious actors exploiting vulnerabilities in older releases of the Vyper compiler used by Curve Finance.

Quick post-hack update.
While 70% of the funds impacted by the hack last week have been recovered, an active investigation regarding the remainder is ongoing.
In the meantime, we are also working on determining the respective shares of each affected user to ensure proper distribution.

— Curve Finance (@CurveFinance) August 11, 2023

The individual responsible for the hack specifically targeted versions 0.2.15 to 0.3.0 of the Vyper compiler. Clearly, the hacker demonstrated an understanding of the specific weaknesses present in the historical versions of Vyper. Identifying these vulnerabilities would have required a considerable level of expertise and significant resources, as noted by industry experts.

There are indications that the operation was carefully orchestrated prior to its execution. A contributor to Vyper firmly believes that the scheme likely took hackers several weeks, if not months, to devise. Among the pools that faced consequences are CRV/, alETH/ETH, msETH/ETH, and pETH/ETH. Additionally, there is increasing concern that the tri-crypto pool on Arbitrum may also have been affected.

Unfortunately, the attack resonated throughout the entire DeFi ecosystem. A thorough investigation of the breach highlighted a significant issue within the emerging cryptocurrency sector: the lack of adequate incentives to uncover vulnerabilities in earlier software versions.

A bounty of 10% was offered to the individual responsible for the breach, and upon acceptance of the offer, the perpetrator initiated the process to restore the funds a few days later. This action was confirmed by Etherscan data, which showed that the individual behind the attack executed three separate transactions to the Alchemix Finance developer wallet. The total value of these transfers amounted to 4,821 Ethereum (ETH), equivalent to $8,891,578 at that time. Currently, the restitution process remains unfinished.
