On July 30, a number of decentralized finance (DeFi) protocols came under attack, which led to the loss of cryptocurrency valued at over $24 million.
Hackers Steal $24M From DeFi Protocols
On July 30, a number of decentralized finance (DeFi) protocols came under attack, which led to the loss of cryptocurrency valued at over $24 million.
The attackers took advantage of a vulnerability in liquidity pools on Curve, an automated market maker (AMM) platform.
NFT lending protocol, JPEG'd, lost $11 million in cryptocurrency. The protocol has a total value locked of about $32 million and allows users to post NFTs as loan collateral. According to CoinMarketCap, the governance token JPEG was down 24.6% as of the time of this writing.
The vulnerability was first referred to by Curve as an ordinary, avoidable read-only "re-entrancy" exploit. Curve later clarified this claim.
JPEG'd was not the only victim of the problem, as Alchemix and Metronome DAO both suffered comparable losses of $13.6 million and $1.6 million, respectively. A maximal extractable value (MEV) bot spotted the would-be attacker's transaction and paid a charge to perform a comparable transaction ahead of them, front-running the attacker.
It was discovered that Vyper, a third-party programming language for Ethereum smart contracts, was responsible for the flaw.
Vyper said that the compiler for the programming language had failed. As re-entry guards were built into the projects' code and were supposed to protect against re-entry attacks, this rendered them inoperable.
