Series of Exploits Hit Curve Finance’s Liquidity Pools

 Series of Exploits Hit Curve Finance’s Liquidity Pools

Curve Finance, a prominent decentralized finance (DeFi) protocol, has been facing a wave of attacks on its liquidity pools, resulting in substantial losses for multiple projects. The recent incidents, involving Conic Finance, JPEG’d, Metronome, and Alchemix, have raised concerns within the DeFi community. The string of attacks began with Conic Finance on July 21, where assets were drained due to a connection with LP Tokens on Curve Finance. Subsequently, on July 30, the Lending NFT JPEG’d project reported an exploit involving the pETH-ETH liquidity pool on Curve Finance, resulting in an $11 million loss. The same day, Metronome also suffered a $1.6 million loss following a similar exploit. Additionally, Alchemix’s alETH became a victim, experiencing an estimated $13.6 million loss linked to a liquidity pool on Curve. The exact reasons behind these exploits have not been fully disclosed at this time. However, the community has speculated two primary factors. First, vulnerabilities in versions 0.2.15/0.2.16/0.3.0 of the VyperLang programming language are suspected. These versions lack the Re-Entrancy anti-attack filter, enabling hackers to execute rounding attacks and withdraw funds from liquidity pools.