DeFi Protocols Lose $70M+ in Vyper Code Bug Heist

DeFi Protocols Lose $70M+ in Vyper Code Bug Heist

The vulnerabilities in Vyper enabled hackers to steal over $70 million from platforms like Curve, Alchemix, and JEG, this dealt a serious blow to many DeFi protocols.

On July 30, the Vyper team disclosed incorrect implementation of defenses against reentrancy attacks. The vulnerabilities impacted the most recent version of their smart contract language. Reentrancy attacks involve an attacker repeatedly calling a function within a smart contract before its previous call completes. This exploits the contract’s logic to drain funds or manipulate data.

After the attack, the DeFi community swiftly responded, advising users to withdraw assets from Curve pools to minimize risks. This aimed to reduce exposure to potential vulnerabilities.

DexScreener statistics revealed an 86% collapse in the CRV token on decentralized exchanges amid the commotion. In the last 24 hours, the token dropped by only 15%, reaching around $0.60. DeFi protocols lost around $70 million, with potential recovery due to white-hat hackers and MEV bots.

Bankless reported losses exceeding $45 million from Alchemix, Metronome, and JPEG’d DeFi protocols, and $25 million from Curve’s CRV/ETH pool.

Transaction data showed that an MEV bot front-ran the $11 million attack against JPEG’d, an NFT lending protocol. With on-chain statistics indicating that the attackers have not yet started to sell their $4.5 million worth of illegally obtained CRV tokens, the cryptocurrency’s server volatility may still be present.

Defi Vulnerabilities and the Urgent Need for Security Enhancements

The event has also sparked questions about Michael Egorov, the inventor of Curve, and his DeFi borrowing practices. Egorov has taken out substantial loans against his holdings of more than $100 million in CRV on websites like Aave, Fraxlend, Abracadabra, and Inverse Finance.

In response, Egorov paid off some of his obligations and added more collateral, which resulted in a drop in his liquidation price to $0.37 per CRV on Aave. There is a concern, though, that if his investments are liquidated, it may lead to bad debt for Aave and other lending protocols because CRV doesn’t have enough on-chain liquidity.

Curve’s exploit raised concerns, but ChainLinkGod highlighted that using Chainlink’s price feed prevented worse DeFi consequences.

Due to the withdrawal of cash from Aave and other procedures as a result of the hack, which has caused a wave of panic among DeFi lenders, borrowing costs have increased. USDT has 89.5% utilization with 38% interest. USDC has 93% utilization and 22.4% loan rates. Egorov faces pressure with his $60 million borrowed USDT.

The incident has reignited debates over the dangers posed by DeFi platforms and the need for stronger security precautions and regulatory clarity. DeFi must address weaknesses and enhance security to safeguard investors and businesses from crippling attacks.



About Valbona

I am a passionate and dedicated student studying Computing and Information Technology at an American university. With a love for reading, writing, and research, I possess technical and problem-solving skills. I have a vision to make a meaningful impact in the world of technology, I aspire to develop innovative solutions that improve lives and empower individuals in the digital age.

Related Posts