The Next Big Crypto Hack - Curve Finance Hack May Just Be the Tip of the Iceberg

By Cryptofab | Cointune | 10 Aug 2023


This article was first published on Medium.

The recent hack of Curve Finance was a major wake-up call for the crypto community. Not only did it result in the loss of $62 million, but it also exposed a vulnerability in the programming language Vyper. This vulnerability could potentially be exploited on other lending protocols or decentralized exchanges (DEXs), what could lead to additional hacks.

The site Defillama.com allows to see a list of Curve Finance forks:

One of these forks, Ellipsis Finance, has already been exploited on the same date as Curve Finance. The TVL (total value locked) of the other forks is probably too low to attract the hackers, since this kind of attack requires some funds. However, alhough Curve Finance team has already patched the vulnerability that was exploited, it is possible that other protocols have not yet patched the vulnerability.

Furthermore, other protocols with high TVL are attractive targets for hackers. Let’s look at the top 10 TVLs according to Defillama:

A good way to assess the risks of these protocols is first of all to look at their programming language:

  1. Lido, MakerDAO, AAVE, Uniswap, Coinbase wstETH, Compound and Convex mostly use Solidity, as well as JavaScript and TypeScript.
  2. Summer.fi is just a front-end interface using JavaScript.
  3. Curve Finance is the only one of that list to use Vyper.

However, even if a DeFi protocol uses Solidity instead of Vyper, it does not mean that it is immune to hack. Therefore, we also need to check the smart contract. You can read the audit reports of these protocols (if any), or scan yourself their contract though De.Fi scanner.

For instance, according to OpenZeppelin blog:

In late 2021, as part of a security audit for a client, OpenZeppelin conducted a security review of the Convex Finance protocol. As part of the audit, the Security Research Team uncovered a vulnerability that, if exploited by two of three anonymous multi-signature wallet (multisig) signers, would have given the Convex multisig direct control over Convex’s locked value — then approximately $15 billion.

This vulnerability was discovered sufficiently early, but how many other vulnerabilities have not yet been discovered? You can do your own research by using tools like De.Fi scanner.

Conclusion

The Curve Finance hack is a reminder that even the most popular and secure protocols are not immune to attack. It is important to be aware of the risks and to take steps to protect your funds. If you are not sure about the security of a protocol or DEX, it is best to err on the side of caution and avoid using it.

Disclaimer: Cryptocurrency is a volatile asset and your investment is at risk. You should only invest money that you can afford to lose.

How do you rate this article?

91


Cryptofab
Cryptofab

Studying Bitcoin, Alts & Arts.


Cointune
Cointune

Crypto, DeFi and passive income.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.