Upbit Suspends CRV Transactions Following Curve Finance Exploit

Upbit, the largest cryptocurrency exchange in South Korea, has temporarily suspended CRV withdrawals and deposits after Curve fell victim to a significant exploit. 

Other exchanges have been keeping track of the situation but have not initiated any action as of now. 

Curve Finance tweeted over the weekend that the protocol had fallen victim to an exploit. The protocol stated that over $100 million worth of cryptocurrency was at risk thanks to a reentrancy bug in Vyper, the programming language used to power parts of the larger Curve ecosystem. As a result, several stablecoin pools used in the pricing and liquidity of several DeFi projects were drained by hackers. 

“A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop.”

In another tweet on Monday, the protocol listed out the hacked pools. It also stated that the Arbitrum trycrypto pool could also have been compromised during the hack. 

“As a result of an issue in Vyper compiler in versions 0.2.15-0.3.0, the following pools were hacked: crv/eth aleth/eth mseth/eth peth/eth Another pool potentially affected is arbitrum’s tricrypto. Auditors and Vyper devs could not find a profitable exploit, but please exit that one.”

Re-entrancy attacks are a fairly common exploit, allowing hackers to trick smart contracts by making repeated calls to the protocol and stealing user assets. A call is basically an authorization for a smart contract address to interact with a user’s wallet address. 

Following the exploit, Upbit, the largest cryptocurrency exchange in South Korea, announced it was temporarily suspending the withdrawal and deposit of Curve Finance’s native CRV token. The suspension was announced by Chinese crypto reporter Wu Blockchain on Twitter, who stated, 

“South Korea’s largest exchange, Upbit, announced that due to the attack on some of Curve’s stablecoin pools, CRV volatility is high, and Curve (CRV) deposit and withdrawal services have been suspended.”

The Upbit exchange, in its announcement, stated it had detected several vulnerabilities in some stablecoin pools associated with Curve Finance, leading to the CRV token experiencing considerable volatility. It added that it was temporarily suspending CRV deposits and withdrawals. 

“Today, certain vulnerabilities have been discovered in some of the stablecoin pools associated with Curve (CRV). As a result, CRV is currently experiencing significant volatility. We advise exercising caution when considering any investments related to CRV. To ensure the safety of digital asset transactions, we have temporarily suspended deposits and withdrawals for CRV.”

The hack has resulted in a loss of over $100 million for the protocol, with the CRV token down over 12%. 

While Upbit has swung into action and suspended CRV deposits and withdrawals, other prominent exchanges have adopted a wait-and-watch approach. Upbit has also urged users to exercise caution when considering any investments related to CRV. OKX, another prominent exchange, issued a warning for users on the token’s landing page, telling users the exchange would not be responsible for any losses incurred while trading the CRV token. 

Meanwhile, Binance head Changpeng Zhao stated that Binance users were unaffected by the exploit in Curve. 

“CEX price feed saves DeFi. Binance users are not affected. Our team checked on the Vyper Reentrant Vulnerability. We only use version 0.3.7 or above.”

Zhao explained that Binance’s use of a centralized price feed for DeFi tokens adds an extra layer of security. Zhao also insisted on updating applications, code libraries, and operating systems.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Read full story at Crypto Daily >