What happened: The Curve attack originated in the early morning of July 31st. The official Twitter account of Ethereum EVM compiler Vyper stated that Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to recursive failures. Any project using these versions should contact the team immediately. The most serious one is Curve, because some of Cruve's stablecoin pools use these versions, so it was attacked by hackers. However, Link has not been updated for a long time, and there is no update or quotation. The direct result is that many on-chain are not easy to be liquidated.

This incident is actually very big. The editor vulnerability directly threatens the DeFi of the entire Ethereum ecosystem. If all projects have updated these versions, it will be a huge disaster for DeFi. Let's roughly sort out the course of this incident: July 30, 23:36: Jpegd officially stated that pETH-ETH curve was attacked. July 31, 8:10: Curve Finance stated that many stable pools using Vyper0.2.15 were attacked. July 31, 8:11: The Curve Finance attack caused a loss of US$52 million. July 31, 8:17: Curve Finance TVL fell by 24%. July 31, 8:25: DeFi lending protocol Alchemix, aleth/eth pool was attacked and lost about 5,000 ETH. July 31, 8:31: DeFi synthetic asset protocol Metronome stated that the msETH-ETH pool was attacked. 8:35 on July 31: A white hat hacker c0ffeebabe.eth returned 2,879 ETH to the Curve deployment address, with a price of approximately US$5.4 million. After watching the rescue process on the chain, it was quite exciting. The white hat hacker rescued the assets that were snatched away by the mev bot, and then tried to contact the bot deployer. In the end, the deployer quickly agreed and returned the more than 2,800 ETH that were snatched away. 8:38 on July 31: Ellipsis Finance, the BNB chain ecological DEX that uses the Curve mechanism, said that a small number of BNB stablecoin pools using the old version of the Vyper compiler were attacked. 9:09 on July 31: Upbit suspended CRV recharge and withdrawal services. These are all the processes on Curve at present. Due to the impact of the attack, the price of CRV has also fluctuated violently.

As for the attack on Curve Finance, this is an event that has penetrated the Ethereum development community and has had a wide impact on the entire DeFi ecosystem. In this attack, we saw how the vulnerability of the Vyper compiler version was exploited by hackers, and how the entire community responded quickly to limit the losses. However, this incident also revealed the problems that the DeFi ecosystem still has in terms of security, which is an issue that all participants should take seriously.

First, this incident once again highlights the security issues of smart contracts. In the past few years, we have seen many large-scale losses due to smart contract vulnerabilities. This incident shows that even in a professional development environment, the security of the compiler cannot be guaranteed, which is a very worrying situation.

Secondly, this incident reminds us that the security of the DeFi ecosystem is not just a problem for one project, but the common responsibility of all participants. If there is a problem with the security of a project, it may affect the stability of the entire ecosystem. This requires all participants to work together to establish a more complete security mechanism.

Then, the delay in updating Link may be because they are looking for a solution or evaluating the severity of the problem. For this issue, we should respect their decision because any decision may have an impact on the entire system.

Finally, this incident also reveals the important role of white hat hackers in the DeFi ecosystem. They helped limit the losses of this attack by finding and fixing security vulnerabilities. This proves that in the DeFi ecosystem, we need more white hat hackers to participate and help find and fix possible security vulnerabilities.

In general, the Curve Finance attack is a wake-up call, reminding us to pay more attention to the security of the DeFi ecosystem and take more measures to ensure its security. In the future, we hope to see more tools and methods developed to help us better protect the security of the DeFi ecosystem. #Difi

Please follow us!

(Purely personal opinion, if you want to debate with me then you are right)

(Please follow me. Those who follow me will become rich and thin overnight. Please remember to comment and fulfill your wish. Please)