Curve Finance Approves $49M Payout for July Hack VictimsCurve Finance community votes to reimburse $61 million in losses from July hack, ensuring trust in decentralized finance security.
The decentralized finance (DeFi) community of Curve Finance has taken a decisive step toward addressing the aftermath of a significant security breach in July. In a recent development, most of Curve’s token-holders, accounting for 94%, voted in favor of a plan to reimburse liquidity providers (LPs) who were financially impacted by the $61-million hack. This approval, confirmed through on-chain data on December 21, sets the stage for distributing over $49.2 million worth of tokens.
The proposed reimbursement scheme is designed to cover losses across several pools, including Curve (CRV), JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET). This calculation considers the Ethereum and CRV tokens present in these pools before the hack and the CRV emissions that LPs missed out on in the ensuing months. The Curve community fund will provide the necessary CRV tokens for this compensation. The final sum also accounts for the tokens that were recovered post-incident.
Curve Finance Community Votes on Post-Hack Reimbursement Plan
The security breach that triggered this series of events occurred on July 30, exposing vulnerabilities in various DeFi protocols and raising concerns about their impact on the broader crypto ecosystem. Curve’s total value locked (TVL) was nearly $4 billion. The affected pools included alETH/ETH, pETH/ETH, msETH/ETH, and CRV/ETH.
Although a significant portion of the stolen funds was recovered, the affected pools still faced a deficit due to the actions of Maximal Extractable Value (MEV) bots. The Curve proposal aims to rectify these shortfalls and ensure that affected LPs are made whole.
The identified vulnerability was in stable pools utilizing certain versions of the Vyper programming language, commonly used in DeFi protocols for its compatibility with the Ethereum Virtual Machine. Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper were found to be susceptible to reentrancy attacks, which the attacker exploited.
Curve’s Response to Incident Strengthens Community
This incident and the subsequent response by the Curve community highlight the evolving challenges and responsibilities faced by DeFi protocols. It underscores the importance of robust security measures and continuous vigilance against potential vulnerabilities. The Curve community’s proactive stance in addressing its members’ losses is significant in building trust and stability within the DeFi ecosystem.