Multiple DeFi Protocols Lose Over $70M Due to Vyper Code Bug
Adekunle Joshua
Multiple DeFi protocols reeling after vulnerabilities in Vyper smart contract language led to hackers draining over $70M from Curve, Alchemix, and JPEG’d
Some web3 community members recommend withdrawing assets from Curve pools to protect against further risks
Vyper team disclosed that their latest compiler versions didn't guard against reentrancy attacks, which allowed malicious hackers to exploit smart contract logic
Curve didn't immediately respond but confirmed the exploit that caused its CRV token to plummet 15% in 24 hours
DeFi protocols lost an estimated $70M, with some funds possibly recoverable through white-hat hackers and MEV bots
Millions were stolen from Alchemix, Metronome, and JPEG’d, while an MEV bot front-run an $11M attack on JPEG’d
Concerns rise over CRV's extreme volatility as attackers haven't yet offloaded their $4.5M of ill-gotten CRV
Fallout leads to increased borrowing fees, impacting Aave and other protocols.
learn more