Multiple DeFi Protocols Lose Over $70M Due to Vyper Code Bug

Adekunle Joshua

Multiple DeFi protocols reeling after vulnerabilities in Vyper smart contract language led to hackers draining over $70M from Curve, Alchemix, and JPEG’d

Some web3 community members recommend withdrawing assets from Curve pools to protect against further risks

Vyper team disclosed that their latest compiler versions didn't guard against reentrancy attacks, which allowed malicious hackers to exploit smart contract logic

Curve didn't immediately respond but confirmed the exploit that caused its CRV token to plummet 15% in 24 hours

DeFi protocols lost an estimated $70M, with some funds possibly recoverable through white-hat hackers and MEV bots

Millions were stolen from Alchemix, Metronome, and JPEG’d, while an MEV bot front-run an $11M attack on JPEG’d

Concerns rise over CRV's extreme volatility as attackers haven't yet offloaded their $4.5M of ill-gotten CRV

Fallout leads to increased borrowing fees, impacting Aave and other protocols.