Upbit Stops CRV Withdrawal as Curve Finance Loses Millions of Dollars to Exploit
<p>Upbit, a
South Korean cryptocurrency exchange, has temporarily suspended deposits and
withdrawals of CRV, the governance token of Curve Finance, a decentralized
exchange for stablecoins. The move comes as hackers over the weekend exploited
a ‘re-entrancy’ bug in Vyper to steal millions of dollars.</p><p>Curve Suffers Hacking</p><p>Reentrancy
is a type of vulnerability in smart contracts that enables attackers to make
repeated calls to a protocol, creating the opportunity to
steal funds from such smart
contracts or execute other
malicious actions. On the other hand, Vyper is a Python-like language for the
Ethereum Virtual Machine (EVM), which is a software that runs on Ethereum and
handles the blockchain’s smart contracts system.</p><p>In an
announcement <a href="https://sg.upbit.com/service_ceanter/notice?id=2745" target="_blank" rel="follow">released</a> today (Monday), Upbit explained
that it took the decision to halt the withdrawal of CRV in order “to ensure the
safety of digital asset transactions.”</p><p>“Today,
certain vulnerabilities have been discovered in some of the stablecoin pools
associated with Curve (CRV). As a result, CRV is currently experiencing
significant volatility. We advise exercising caution when considering any
investments related to CRV,” Upbit stated.</p><p>Vyper announced
the exploit earlier yesterday (Sunday), noting that certain versions of its language
were vulnerable to ‘malfunctioning reentrancy locks’. Curve Finance also
followed up with an
update, saying the event affected 'a number of
stable pools.</p><blockquote><p lang="en" dir="ltr">A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.Other pools are safe. <a href="https://t.co/eWy2d3cDDj">https://t.co/eWy2d3cDDj</a></p>— Curve Finance (@CurveFinance) <a href="https://twitter.com/CurveFinance/status/1685693202722848768?ref_src=twsrc%5Etfw">July 30, 2023</a></blockquote><p>According
to Cointelegraph, Michael Egorov, Curve Finance’s CEO confirmed through a
Telegram Channel that 32 million CRV tokens worth over $22 million were stolen.
However, BlockSec, a smart contracts audit platform, puts the figure at over
$41 million.</p><blockquote><p lang="en" dir="ltr">The sheet updated. Losses have already ~$41m!<a href="https://t.co/lCaS4uEPzm">https://t.co/lCaS4uEPzm</a> <a href="https://t.co/stQYNJFS7y">https://t.co/stQYNJFS7y</a> <a href="https://t.co/P7jG8NHnV4">pic.twitter.com/P7jG8NHnV4</a></p>— BlockSec (@BlockSecTeam) <a href="https://twitter.com/BlockSecTeam/status/1685741725103583233?ref_src=twsrc%5Etfw">July 30, 2023</a></blockquote><p>Furthermore, Huobi Global estimated that losses from the attack were up to $52 million. The Seychelles-based crypto exchange added that it was closely monitoring the situation.</p><blockquote><p lang="en" dir="ltr"><a href="https://twitter.com/hashtag/DeFi?src=hash&ref_src=twsrc%5Etfw">#DeFi</a> projects: <a href="https://twitter.com/hashtag/Curve?src=hash&ref_src=twsrc%5Etfw">#Curve</a>'s JPED'd: pETH-ETH pool, & Alchemix, & JPEG'd, faced attacks resulting in a $52M loss. Your asset security is our top priority. We are monitoring the situation closely.<a href="https://twitter.com/hashtag/Huobi?src=hash&ref_src=twsrc%5Etfw">#Huobi</a> supports RWA tokens such as like <a href="https://twitter.com/search?q=%24MKR&src=ctag&ref_src=twsrc%5Etfw">$MKR</a>, <a href="https://twitter.com/search?q=%24COMP&src=ctag&ref_src=twsrc%5Etfw">$COMP</a>, <a href="https://twitter.com/search?q=%24CRV&src=ctag&ref_src=twsrc%5Etfw">$CRV</a>, <a href="https://twitter.com/hashtag/WSTUSDT?src=hash&ref_src=twsrc%5Etfw">#WSTUSDT</a>, and <a href="https://twitter.com/search?q=%24TRX&src=ctag&ref_src=twsrc%5Etfw">$TRX</a> . Trade… <a href="https://t.co/2YHGaFuGkc">pic.twitter.com/2YHGaFuGkc</a></p>— Huobi (@HuobiGlobal) <a href="https://twitter.com/HuobiGlobal/status/1685903773850542080?ref_src=twsrc%5Etfw">July 31, 2023</a></blockquote>
This article was written by Solomon Oladipupo at www.financemagnates.com.
Leave a Comment