On July 30, several decentralized finance (DeFi) protocols faced a sophisticated attack, resulting in a staggering loss of cryptocurrency valued at over $24 million. The hackers targeted liquidity pools on the popular automated market maker (AMM) platform, Curve.
JPEG’d Hit with $11 Million Loss
Among the affected projects, the NFT lending protocol JPEG’d experienced the heaviest hit, losing $11 million in cryptocurrency. JPEG’d boasted a total value locked (TVL) of about $32 million, allowing users to use NFTs as collateral for loans.
Alchemix and Metronome DAO Also Suffer Losses
Not only JPEG’d but other DeFi protocols also suffered considerable losses due to the exploit. Alchemix and Metronome DAO reported losses of $13.6 million and $1.6 million, respectively, in the wake of the attack.
Maximal Extractable Value (MEV) Bot Thwarts the Attack
A Maximal Extractable Value (MEV) bot detected the would-be attacker’s transaction and preemptively executed a similar transaction before them. By front-running the attacker, the MEV bot mitigated some of the losses.
Vyper Flaw Leads to Vulnerability
The vulnerability’s root cause was traced back to Vyper, a third-party programming language used for Ethereum smart contracts. The compiler for Vyper failed, leading to the ineffectiveness of re-entry guards built into the projects’ code.
Conclusion: Security Remains a Critical Focus in DeFi
The recent exploit on Curve liquidity pools has raised concerns about the security of DeFi protocols. As the DeFi ecosystem continues to grow, ensuring robust security measures becomes paramount to safeguard user funds and protect against potential attacks. Stay vigilant and informed about the latest developments in the DeFi space to navigate the ever-evolving landscape safely.