Update on Curve Attack on the Morning of July 31

The attack on Curve Finance on the evening of July 30 continues to have severe repercussions for the project and the DeFi sector.

Update on Curve Attack on the Morning of July 31

Cause of the Attack: Continuous Exploitation of Curve Finance Liquidity Pools

In the early morning of July 31, information surfaced that the CRV/ETH pool was attacked, draining 7 million CRV (worth $4 million) and $14 million in WETH. Notably, the attack occurred just minutes before white hat hackers began a rescue operation for the affected liquidity pools due to the reentrancy vulnerability discovered on the evening of July 30.

The damage from Curve's reentrancy vulnerability has reached nearly $70 million, with $16.9 million already returned. This leaves $52.4 million still at risk of being permanently lost.

The early hours of July 31 were extremely chaotic, with many white hat hackers attempting to rescue funds from Curve while malicious actors waited to front-run them. Ultimately, both were front-run by MEV bots.

The MEV war was so intense that in the past 12 hours, Ethereum recorded some of the highest MEV reward blocks in history.

CRV Price Impact

Following the attack, CRV’s price dropped over 15% to $0.583 before recovering to $0.623 at the time of writing.

TVL Withdrawal and Exchange Reactions

Crypto investors are rushing to withdraw liquidity from Curve, causing the project's TVL to drop nearly 45% in the last 24 hours.

Due to the attack, the two largest crypto exchanges in South Korea, Upbit and Bithumb, announced the temporary suspension of CRV deposits and withdrawals, causing the token's price on these platforms to spike due to the loss of arbitrage opportunities with international markets.

The attack on Curve Finance not only highlights the vulnerabilities within DeFi but also underscores the importance of rapid and coordinated responses to security breaches to minimize losses and protect investor funds.