Curve Finance Community Votes to Reimburse $61M Hack Victims

In a pivotal move within the decentralized finance (DeFi) realm, the community backing the Curve Finance protocol has collectively agreed to address the aftermath of a substantial $61-million hack that rocked the ecosystem back in July.

On December 21, on-chain data solidified a groundbreaking decision, with a resounding 94% of tokenholders sanctioning the allocation of tokens worth over $49.2 million. This allocation aims to offset the losses incurred by liquidity providers (LPs) across the Curve (CRV), JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET) pools, signaling a significant step towards rectifying the consequences of the hack.

A notable portion of this reimbursement involves $7.2 million worth of Ethereum (ETH) recovered by whitehat hackers, now earmarked for distribution within the DAO. Additionally, approximately $42 million worth of CRV tokens will compensate for the unrecovered portions, albeit vested, alongside the distribution of other whitehat-recovered funds that were disbursed before the formal vote.

The calculation of losses encapsulates the value of Ether (ETH) and CRV tokens locked within the affected pools before the hack, coupled with the missed CRV emissions that LPs would have received over recent months. This move, as proposed by Curve, is set to be funded by the community fund, utilizing Curve DAO (CRV) tokens. The final disbursement sum takes into account tokens recovered since the fateful incident.

“The overall ETH to recover was calculated as 5919.2226 ETH, the CRV to recover was calculated as 34,733,171.51 CRV and the total to distribute was calculated as 55,544,782.73 CRV,” according to the proposal’s details.

The security breach on July 30 sent shockwaves through the DeFi space, prompting concerns about its broader implications for the crypto ecosystem. At the time of the incident, Curve Finance’s total value locked (TVL) stood at nearly $4 billion, underscoring the substantial impact of the hack on one of DeFi’s prominent platforms.

Among the affected pools were alETH/ETH, pETH/ETH, msETH/ETH, and CRV/ETH. Exploiting a vulnerability within stable pools utilizing specific versions of the Vyper programming language—an esteemed choice for DeFi protocols due to its Ethereum Virtual Machine design—the attacker targeted Vyper’s 0.2.15, 0.2.16, and 0.3.0 versions, which were susceptible to reentrancy attacks.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

Follow us on Reddit

You might also like