Decentralized finance (DeFi) platform Curve Finance has announced its plan to refund users affected by the recent attack that resulted in a loss of $62 million. The incident, which occurred on July 30, 2023, involved a malicious hacker exploiting security vulnerabilities in Curve Finance’s Vyper compiler, specifically targeting versions 0.2.15 to 0.3.0.
Exploiting a Security Vulnerability
The attacker’s skillful manipulation of these vulnerabilities led to the targeting of pools including CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH, as well as three pools on the Layer-2 scaling network Arbitrum. Experts in the field have emphasized that detecting these security vulnerabilities required a significant amount of skill and resources. One contributor to Viper even stated that the attack was likely planned weeks before execution.
Recovery and Refund
According to official posts from Curve Finance’s account, ongoing investigations have…
