The native token of one of crypto’s top decentralized exchanges tumbled after the platform said it had been “exploited” as a result of a vulnerability in a programming language.
Curve Finance, like other decentralized finance projects in crypto, relies on different kinds of software built on top of blockchain technology. A glitch in a particular version of Vyper — a programming language similar to Python and widely used in DeFi applications — led to the exploit, Curve tweeted Sunday.
Curve Finance’s CRV token has shed about 15% since the problem emerged and was trading at approximately 63 US cents as of 9:30 a.m. in Singapore on Monday, according to data compiled by Bloomberg.
BlockSec, which provides security audit services for crypto software, estimated the hack had already led to more than $40 million in losses. Tarun Chitra, chief executive officer and founder of crypto risk modeling firm Gauntlet, estimated the exploiter made away with about $20 million of CRV and a version of Ether.
“We are assessing the situation and will update the community as things develop,” Curve said.
Curve Finance is the largest decentralized exchange after Uniswap, according to data provider and aggregator DeFiLlama. Curve’s founder Michael Egorov did not immediately respond to a request for comment.
CRV is used as collateral on a decentralized lending service known as Aave. Gauntlet’s Chitra said that so far there were no signs of “bad loans” on the Aave platform due to the slide in CRV. Aave’s token has declined about 4% in the past 24 hours, CoinGecko figures show.
Digital assets like Bitcoin and Ether wobbled a tad on concerns about wider potential knock-on effects but later stabilized. Bitcoin was little changed at about $29,450, while Ether was steady at $1,870.
Hackers pilfered a record $3.8 billion worth of crypto in 2022 and Curve Finance was among the long list of organizations impacted.
The pace of incidents has cooled but the risk of security breaches still clouds decentralized finance, or DeFi, where people rely on blockchain-based software known as smart contracts to undertake activities like trading or lending.
(Updates with latest CRV token performance in the third paragraph.)