The $73.5 Million Curve Finance Hack: Unveiling the Story Behind the Incident
TL;DR
- Curve Finance and other interconnected protocols suffered a breach with $73.5 million at stake.
- Amidst the attack, white-hat hackers and MEV bots strived to front-run the attacker to recover funds.
- Redemption efforts emerged through a joint initiative, returning a substantial portion of the pilfered funds.
- The root cause was a hidden compiler bug in the programming language Vyper that created a ripple of vulnerabilities.
- The incident further highlighted the need for safeguarding DeFi assets.
On a gloomy Sunday, July 30th, the world of DeFi was rocked by an event that sent shockwaves throughout the blockchain ecosystem. Curve Finance, a cornerstone of the DeFi world known for its integral role in providing liquidity for ETH-pegged assets, was exploited and the hack had far-reaching consequences that extended beyond its immediate impact. With a staggering $73.5 million at stake, this breach not only exposed vulnerabilities within Curve Finance but also triggered a harrowing domino effect, affecting an array of interconnected protocols reliant on Curve's liquidity infrastructure. As we delve into the labyrinthine story behind the hack and its aftermath, we uncover how a single breach can send ripples of uncertainty through the DeFi landscape.
A Gloomy Sunday: From Vulnerability to Chaos
The story began with an unassuming alert from PeckShield, a renowned blockchain security firm, about unusual activities stirring within the NFT lending protocol, JPEG’d. As the digital ink on PeckShield's warning was still drying, Curve Finance entered with a swift dismissal in the form of a now-deleted tweet, attributing the concerns to a mere "read-only reentrancy bug." Little did they know that this proclamation would be the precursor to a tumultuous series of events that revolved around Curve themselves.
Following the $11.5 million exploit of JPEG’d, a crescendo of attacks unfolded across different DeFi pools.
- Alchemix DAO's alETH-ETH pool bore the brunt of a $22 million hit, losing $13.6 million worth of ETH and $8.4 million in ERC-20 tokens.
- The Metronome DAO's sETH-ETH pool followed suit, suffering a $1.6 million loss.
- Curve Finance, the epicenter of the storm, found itself in the crosshairs as its CRV/ETH pool sustained a devastating blow. Michael Egorov, Curve's CEO, took to Telegram to confirm that $22 million worth of CRV tokens had been siphoned from Curve's swap pool.
Amidst the unfolding turmoil, a band of white-hat hackers emerged, determined to salvage the compromised funds. Their efforts, however, were repeatedly outpaced by the hackers they sought to thwart. In this intricate dance between virtue and vice, an unexpected protagonist emerged: the MEV bots. These digital agents successfully front-ran the hackers and orchestrated the return of stolen funds from these front-runs of malicious transactions, a gesture that revealed the nuanced interplay between ethical hacking and illicit exploits. One distinctive figure among them, c0ffeebabe.eth, extracted around $5.3 million from Curve's CRV/ETH pool and approximately $1.6 million from the Metronome msETH pool, then reinstated the funds to the afflicted protocols.
A Hidden Door: Understanding the Cause of the Breach
Initially, the source of the hacks was attributed to a commonly known vulnerability termed the "read-only reentrancy," which had plagued several protocols in recent months. However, a deeper investigation revealed a more complex and unique root cause. The exploited contracts were not external projects relying on Curve pools as price references; rather, they were the Curve pools themselves.
The underlying issue traced back to a previously unknown compiler bug in certain older versions of Vyper, the programming language employed for Curve's contract development. Specifically, versions 0.2.15, 0.2.16, and 0.3.0 of Vyper had vulnerabilities that rendered certain smart contracts susceptible to reentrancy attacks. A reentrancy attack, in simple terms, is like when someone finds a way to take more candy from a candy jar than they’re supposed to. Imagine there’s a candy jar that only lets you take one piece of candy at a time. But someone finds a way to trick the candy jar into giving them more than one piece of candy every time they ask for it. They keep doing this until all the candy is gone. In a similar way, a reentrancy attack happens in computer programs known as smart contracts, but instead of candies, it involves money, and hackers find a way to repeatedly take more money than they should from these contracts. These attacks manipulate contract balances by deceiving the protocol into miscalculating, thereby facilitating the illicit withdrawal of held funds.
As a matter of fact, this bug had been exploitable since 2021, and its inadvertent patching was released in December 2021 with version 0.3.1, but there was little public recognition of both the bug and its remedy. Criticism intensified when BlockSec and Supremacy, two self-proclaimed leading blockchain security agencies, revealed the details of the vulnerability, especially the version numbers that were at risk, while the exploit and mitigation efforts were still in progress.
Beyond the Breach: DeFi’s Quest for Redemption
In a striking display of collaboration and a bid for redemption, a joint effort emerged on August 3rd, spearheaded by Curve, Metronome, and Alchemix. United by a common purpose, the protocols put forward an initiative to recover the stolen funds from the recent attack. A 10% bounty of the pilfered funds was extended as an incentive, enticing those responsible for the breach to step forward and relinquish the remaining 90%. This bold endeavor, offering a potential reward nearing $7 million, arrived with a pledge of leniency—promising an absence of further legal measures or involvement of law enforcement. This was the way the protocols conveyed their desire to resolve the matter through civilized means.
The response was swift. In less than a day, on August 4th, the original perpetrator of the multimillion-dollar exploit seemingly embraced the olive branch extended. A wave of restitution began as the hacker initiated the return of the funds acquired just days prior. First, a total of $9 million flowed back into the coffers of Alchemix Finance and Curve Finance. Then within hours on August 5th, the hacker fully restored the stolen funds to Alchemix and JPEG’d.
Amidst this astonishing turnaround, the attacker communicated a resolute message, possibly intended for the Alchemix and Curve teams. The statement indicated a willingness to return the funds not due to apprehension, but rather as an act of preserving the integrity of the protocols in question.
Irrespective of his motives, his decision to return the funds stood as a rarity among hackers. That combined with efforts of white hat hackers and MEV bots racing to counter the exploits on July 30th, a remarkable outcome was achieved: approximately 73% of the pilfered funds, amounting to nearly $52.3 million, were successfully recovered and returned. This unprecedented level of retrieval stands as a testament to the intricate interplay and multifaceted dynamics among ethical intervention, community power, and advanced technology within the DeFi landscape.
Lessons Etched in Blockchain: Safeguarding Your DeFi Assets
The Curve incident is one of the very rare occurrences where the majority of the exploited funds have been successfully restored to the affected protocols. That said, not all has been restored and in most incidents, lost funds are lost forever. In the DeFi world, relying solely on the hope of attackers returning stolen funds is pure wishful thinking. Users should consider alternative measures like insurance or protections that offer 100% guarantees against potential losses. Bitget's $300 million Protection Fund stands as a notable example, fortified by 6500 BTC and $160 million in stablecoins. This fund ensures users are covered for losses not arising from their actions or the platform's behavior. Another safeguard is the Proof-of-Reserve, a reassurance that centralized entities maintain a 1:1 reserve ratio for users' funds, ensuring their successful withdrawal at all times. For instance, Bitget pledges maximum transparency with a current reserve ratio of 244%, showcasing 2.5 times the users' assets in BTC, ETH, and USDT. Last but not least, through cold storage technology, most digital assets are held offline in secure multi-signature wallets, significantly reducing exposure to online threats. These measures, validated by leading security firms, encapsulate Bitget's dedication to preserving user assets in a robust and fortified environment.
Disclaimer: The opinions expressed in this article are for informational purposes only. This article does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. Qualified professionals should be consulted prior to making financial decisions.