CRV-ETH Liquidity Pool on Curve Hit by Another Flash Loan Attack

On-chain data indicates that the CRV-ETH pool on Curve has once again been targeted by a flash loan attack. Fortunately, a white-hat hacker intervened to rescue and return the assets.

Flash Loan Attack on CRV-ETH Pool

The crypto community on Twitter is abuzz with discussions about Curve Finance, especially after another flash loan transaction exploited a vulnerability in the CRV-ETH pool.

Despite the attack, it appears that a white-hat hacker managed to save approximately $700,000 worth of assets. The transaction likely involved taking out a flash loan, exploiting the Curve's LP Token mechanism vulnerability to create a loop and siphon funds.

Successful Rescue Operation

Twitter user Addison confirmed that he, along with NotDeGhost, epheph, and the Curve Finance team, successfully rescued $700,000 (comprising 371 ETH and 92.5 thousand CRV). All the funds have been sent to an Aragon contract managed by veCRV holders. These funds will soon be transferred to a new contract, allowing LPs to reclaim their assets.

Addison also mentioned that a detailed explanation of the vulnerability would be published soon.

"We will soon publish a detailed article explaining the vulnerability exploited in this attack."

Previous Incident and Bug Bounty Program

On the evening of August 04, the hackers responsible for the earlier attacks on Curve's liquidity pools began returning the stolen funds. According to prior agreements, Curve Finance will reward the hackers with a 10% bug bounty for returning the stolen assets.

This series of events underscores the ongoing security challenges in the DeFi space, emphasizing the need for robust security measures and community vigilance.