Recall that Curve offers 232 pools with various tokens, several of which were compromised due to vulnerabilities in the operation of re-entry locks in early versions of the Vyper programming language.
During the press conference, exchange representatives did not name the exact amount of stolen funds. However, according to the preliminary analysis of the audit company BlockSec, the losses from the actions of attackers amounted to at least $42 million.
At the same time, a DEX representative under the pseudonym Mimaklas said that only pools that use Vyper 0.2.15, 0.2.16 and 0.3.0 versions are under threat. The specialist noted that all affected pools have been compromised or emptied. The team is currently working on estimating the exact size of the losses.
The hacker attack also had a negative impact on the CRV Curve DAO token. The value of the coin fell by 17% and was $0.65 at the time of publication of this article. The fall in the price of CRV forced Curve’s founder to liquidate Aave’s $70 million credit position.