Crypto Token of Key DeFi Exchange Curve Finance Sinks After Exploit

The native token of one of crypto’s top decentralized exchanges tumbled after the platform said it had been “exploited” as a result of a vulnerability in a programming language.

(Bloomberg) — The native token of one of crypto’s top decentralized exchanges tumbled after the platform said it had been “exploited” as a result of a vulnerability in a programming language.

Curve Finance, like other decentralized finance projects in crypto, relies on different kinds of software built on top of blockchain technology. A glitch in a particular version of Vyper — a programming language similar to Python and widely used in DeFi applications — led to the exploit, Curve tweeted Sunday.

Curve Finance’s CRV token has shed about 13% since the problem emerged and was trading at approximately 64 US cents as of 12:50 p.m. in Singapore on Monday, according to data compiled by Bloomberg.

BlockSec, which provides security audit services for crypto software, estimated the hack had already led to more than $40 million in losses. Tarun Chitra, chief executive officer and founder of crypto risk modeling firm Gauntlet, estimated the exploiter made away with about $20 million of CRV and a version of Ether.

“We are assessing the situation and will update the community as things develop,” Curve said. 

The total value of assets locked on Curve Finance — the largest decentralized exchange after Uniswap — retreated to about $1.7 billion on Monday from more than $3 billion on Sunday, according to data provider DeFiLlama. 

Curve’s founder Michael Egorov did not immediately respond to a request for comment. 

CRV is used as collateral on a decentralized lending service known as Aave. Gauntlet’s Chitra said that so far there were no signs of “bad loans” on the Aave platform due to the slide in CRV. Aave’s token has declined about 4% in the past 24 hours, CoinGecko figures show.

Digital assets like Bitcoin and Ether wobbled a tad on concerns about wider potential knock-on effects but later stabilized. Bitcoin was little changed at about $29,400, while Ether was steady at $1,865.

Hackers pilfered a record $3.8 billion worth of crypto in 2022 and Curve Finance was among the long list of organizations impacted.

The pace of incidents has cooled but the risk of security breaches still clouds decentralized finance, or DeFi, where people rely on blockchain-based software known as smart contracts to undertake activities like trading or lending. 

–With assistance from Sidhartha Shukla.

(Updates with the drop in the total value of assets locked on Curve Finance in the sixth paragraph.)

More stories like this are available on bloomberg.com

©2023 Bloomberg L.P.