Curve Finance To Refund Affected Users In July Hack Exploit
Latest News News

Curve Finance To Refund Affected Users In July Hack Exploit

  • Curve Finance community has decided to refund users who were affected in the July hack exploit.

On the 30th of July, four Curve Finance pools were exploited due to a re-entrancy bug made possible by the Vyper programming language.

The hackers attacked four mining pools and made off with a total of $73.5 million. Almost immediately, the community sprang into action.

Curve itself extended the standard olive branch, offering to treat the incident as a white hat incident in return for 90% of the stolen funds being sent back.

Meanwhile, genuine white hats also went after the hackers, managing to recover a small portion of the funds and return them to the exchange.

Total Recovery Was Impossible

Some of the attackers – particularly those involved in the breach of Metronome – took Curve up on the offer, returning 90% of the funds. 

Unfortunately, not all of the hackers were inclined to give up their newfound wealth.

After about $52 million were recovered, the Curve community set about the task of deciding if users should be reimbursed and, if so, how it should be done.

Ultimately, the matter was decided by a vote.

Going Above and Beyond

The proposal, which was agreed upon by 94% of voters, promised to not only refund any tokens left unaccounted for but also to make up for missed CRV emissions that would have been distributed to Curve pools had the hack not taken place.

“While stolen funds in each pool were either completely or partially recovered, MEV bots have left all affected pools with a shortfall, and this remediation proposal seeks to make affected LPs whole. […] The overall ETH to recover was calculated as 5919.2226 ETH, the CRV to recover was calculated as 34,733,171.51 CRV and the total to distribute was calculated as 55’544’782.73 CRV.”

Ultimately, the community will reimburse affected users for a total of $42 million worth of CRV, negating the calculated loss of over $94 million.

Offering to reimburse unrealized gains was a nice touch – one that will surely bolster the confidence of those investing in CurveDAO-related pools.

However, it seems that the developers still have work to do to ensure that this costly situation does not repeat itself. 

It’s worth mentioning that another attack on Curve Pools – albeit using a different method – was successfully executed just last month.

Given the vast resources of the DAO in question, a significant investment into better security seems in order.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.