Curve Finance to Reimburse Users Impacted by Hack

Curve Finance said it had recovered 70% of the $62 million stolen from its liquidity pools in a July 30 reentrancy hack. The decentralized finance (DeFi) protocol promised to reimburse users impacted by the incident.

The DeFi project noted that the attack impacted pools running on Vyper compilers between 0.2.15 and 0.3.0.

Affected Curve Pools

Curve has revealed that its arbitral-tri crypto pool shares the same vulnerability exploited in the July 30 incident. However, it ascertained that no potential for exploitation exists within this pool.

Despite this assurance, the platform advised liquidity providers to withdraw their assets from the pool.

On July 30, a series of DeFi platforms fell victim to reentrancy attacks stemming from vulnerabilities in various iterations of Vyper. This smart contract language, designed for the Ethereum virtual machine (EVM), became the target of multiple hacks, leading to the loss of more than $60 million.

Due to the hack, crypto data aggregator Kaiko reported that the incident had affected confidence in Curve’s stETH-ETH pool. The pool has continued to record large outflows, reducing liquidity for the largest liquid staking token.

70% of Stolen Funds Recovered

According to an X (formerly Twitter) post from its official account, Curve had recovered 70% of the hacked funds. Available information shows that white hat hackers, including Coffeebabe.eth, Addison Spiegel, played a significant role in these recoveries. However, about $18.5 million is still yet to be recovered.

Meanwhile, Curve said it was assessing the loss suffered by each user to determine how it would redistribute its assets properly. The DeFi protocol further stated that it was actively investigating how to recover the rest of the stolen funds.

Curve did not provide additional information on how or when the reimbursements would occur.

On August 6, Curve offered a 10% public bounty, worth around $1.85 million, after the hacker refused to return the stolen funds voluntarily. At the time, the protocol stated that it was giving the public a chance to identify the exploiter in a way that could lead to a conviction in the courts. 

Curve Makes Steady Recovery

Since its exploit, the Curve ecosystem has made steady progress, with Binance Labs investing $5 million in its CRV token.

Yi He, Co-Founder of Binance and Head of Binance Labs, said the investment was to offer the exchange’s full support to Curve through its investment and strategic collaboration because of the recent event.

Besides that, the DeFi project had also seen substantial support from Tron Network’s founder, Justin Sun.

Additionally, the total value of assets locked on Curve has begun to climb after drastically declining following the incident. DeFillama data shows that its TVL has increased to $2.41 billion—up 2% over the past week.