The July exploit in Curve Finance saw hackers capitalize on a Vyper programming language bug, pilfering $73.5 million across four mining pools. Curve offered a white hat status to those returning 90% of the funds. Some hackers, particularly linked to the Metronome breach, accepted, returning $52 million. Yet, not all complied. In response, Curve's community, with a 94% approval, voted for reimbursement.
The approved proposal promises refunds for missing tokens and compensates for lost CRV emissions, totaling $42 million. This offsets a calculated $94 million loss. Restoring unrealized gains aims to bolster confidence in CurveDAO pools. Nonetheless, recent attacks signal ongoing vulnerabilities, prompting a need for enhanced security. Given CurveDAO's substantial resources, significant investments in improved safeguards appear imperative to prevent future costly incidents.
