The Curve turmoil is over, and the financial movements of key interest groups are being picked up

On July 30, the Curve stablecoin pool alETH/msETH/pETH was attacked due to a recursive lock vulnerability in some versions of Vyper (0.2.15, 0.2.16, and 0.3.0). Alchemix, JPEG’d, Metronome, deBridge, and Ellipsis have lost about $70 million as a result of the Curve part of the stablecoin pool attack:

• Alchemix: 7,259 ETH and 4,821 alETH (about $22 million);
• JPEG’d: 6,106 ETH (about $11.4 million);
• Metronome: 866.554 ETH (about $1.6 million), 955 smETH (about $1.7 million);
• CRV-ETH pool: 10,500 ETH (about $19.4 million), 7.19 million CRV (about $4.4 million).

Affected by the attack, the price of CRV fell, and the founder’s borrowing was at risk of liquidation

Affected by the attack, on July 31, Curve Finance’s total locked position (TVL) has decreased from $3.266 billion on July 30 to $1.869 billion, a 24-hour decrease of 42.78%, and CRV price has decreased by 14.89% in 24 hours.

The CRV price decline has forced Curve founder Michael Egorov’s $70 million borrowing position on Aave to liquidate. With this in mind, Egorov sold the CRV over the OTC in exchange for funds to repay the loan.

Since the start of the OTC sale on August 1, Egorov has sold a total of 142.65 million CRV to 30 investors/institutions as of August 6, in exchange for $57.06 million.

As of Aug. 6, Egorov still had 269.8 million CRV ($166 million) staked on four platforms, with a debt size of about $48.7 million.

The attacker returns the funds

On July 30, the exploiter coffeebabe.eth returned 786 ETH ($1.45 million) and 955 smETH ($1.74 million) to Metronome, and 2,879 ETH ($5.36 million) to Curve Finance.

On August 3, the Curve Foundation sent an on-chain message to the exploiter stating that if the attacker returns the remaining 90% by 8 AM (UTC) on August 6, they will receive 10% of the stolen funds as a bounty;

On August 4, the attackers 0x6ec returned 5,495 WETH ($10 million) to JPEG’d and kept 610 ETH ($1.1 million) as a 10% bounty, and the attackers 0xdce returned 2,258 ETH ($4.15 million) and 4,820 alETH ($8.82 million) to AlchemixFi.

On August 5, 0xdce returned 4,999 ETH ($9.18 million) to AlchemixFi, all of which have been returned;

On August 6, 32% of the stolen assets (about $18.7 million) had not been returned:

• 80 ETH ($14,700) from MetronomeDAO (held by coffeebabe.eth);
• 7,681 ETH ($14.4 million) and 7.19 million CRV ($4.43 million) from the CRV-ETH pool.

As of press time, of the $59.5 million stolen in the Curve Finance Vyper exploit, about $40.3 million has been returned, $560,000 has been used as a bounty for hackers, and about $18.7 million has not been returned by CRV/ETH exploiters (0xb752… b324）。

On August 7, Curve Finance tweeted that the deadline for the CRV/ETH exploit attackers to voluntarily return their funds has passed, and a bounty will be offered to reward anyone who provides information that led to the hacker’s arrest and conviction (currently $1.85 million).

In addition, Odaily Planet Daily specially reminds that some accounts on X (i.e. Twitter) have recently appeared pretending to be Curve officials, and fraudulent accounts are often marked with blue or yellow markers, so you need to pay attention to precautions.