The Curve Finance Community Approves Payment.
- Posted on December 24, 2023 11:08 AM
- Cryptocurrency Exchanges News
- 194 Views
The decentralized finance (DeFi) protocol community of Curve Finance decided to repay liquidity providers (LPs) affected by a $61 million attack in July.
According to on-chain data, 94% of token holders approved a token payment of over $49.2 million on December 21 to cover the losses in Curve (CRV), JPEG'd (JPEG), Alchemix (ALCX), and Metronome (MET) pools.
Just wanted to emphasize the scale of this. Victims are made whole with this vote with:
— Curve Finance (@CurveFinance) December 22, 2023
- $7.2M worth of ETH recovered by whitehats to the DAO being distributed
- $42M worth of CRV compensating unrecovered parts (vested)
- Other whitehat-recovered funds distributed before vote https://t.co/qmcK9pmTe5
The Curve Finance community has approved compensation for liquidity providers (LPs) affected by a $61 million attack in July. In a vote on December 21, 94% of community members approved a token payment of over $49.2 million to cover losses in the Curve (CRV), JPEG'd (JPEG), Alchemix (ALCX), and Metronome (MET) pools.
The calculation of losses includes the amount of Ether (ETH) and CRV tokens in the pools before the attack, as well as missed CRV emissions distributed to LPs in previous months. According to Curve's proposal, the community fund will supply Curve DAO (CRV) tokens, with a deduction for recovered tokens since the incident.
The security incident occurred in July, prompting stress tests on several DeFi protocols due to concerns about potential impacts on the crypto ecosystem. Curve's total value locked (TVL) was around $4 billion in July. The affected pools included alETH/ETH, pETH/ETH, msETH/ETH, and CRV/ETH.
The Curve proposal states, 'While funds stolen in each pool have been fully or partially recovered, MEV bots left a gap in all affected pools, and this improvement proposal aims to make affected LPs whole.'
The attacker exploited a security vulnerability in certain versions of the Vyper programming language designed for the Ethereum Virtual Machine, executing a reentrancy attack on stable pools. This flaw made Vyper versions 0.2.15, 0.2.16, and 0.3.0 vulnerable to reentrancy attacks.