An ethical hacker, operating under the ENS name “c0ffeebabe.eth,” has managed to recover 2,879 ETH (worth around $5.4 million) from the total assets lost during the recent Curve Finance exploit.
DeFi protocol Curve Finance suffered a major hack on July 30, 2023. The hack was carried out in two stages. The first attack exploited a reentrancy vulnerability within its factory pools, resulting in a staggering loss of approximately $26 million.
Subsequently, the attackers executed a second phase by manipulating Curve Finance’s CRV-ETH liquidity pool to withdraw 7.1 million CRV tokens valued at $4.4 million and 7,680 wrapped ether, equivalent to $14.37 million.
During this second phase, c0ffeebabe.eth demonstrated exceptional skills, outsmarting the attackers using a MEV bot. After analyzing on-chain data, PeckShield reported that c0ffeebabe.eth promptly returned the recovered funds to the Curve deployer address.
The root cause of the hack was traced back to a flaw in the Vyper programming language, which allowed for reentrancy problems in the protocol’s smart code. The attackers exploited this flaw, leading to significant financial losses across multiple projects, including JPEG’d, Metronome, and Alchemix.
According to PeckShield’s estimation, the total assets taken from Curve pools during the attack amounted to $52 million. However, thanks to the actions of c0ffeebabe.eth, the overall loss has been reduced to $46.5 million.
In the aftermath of the attack, Curve Finance experienced a substantial decline in its total value locked (TVL). DefiLlama reported that the TVL plummeted from $3.26 billion on July 30 to $1.74 billion within 24 hours, representing a staggering 46% decrease.
In a separate incident, Conic Finance, another DeFi protocol, suffered a major exploit, losing approximately 1700 ETH, valued at over $3.2 million, to an attacker. Security specialists from BlockSec detected that the attacker took advantage of a reentrancy vulnerability in the protocol’s code. This vulnerability allowed the attacker to make unauthorized withdrawals of additional funds by executing a function multiple times within a single transaction.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”