Illustration shows representation of cryptocurrency Bitcoin, Ethereum and Dash plunging into water


  • The source of the exploit was traced back to third-party programming language Vyper
  • Total losses could be approximately upwards of $42, as per BlockSec's preliminary analysis
  • CRV was trading at $0.6405 as of 4:00 a.m. ET on Monday

Curve DAO (CRV) has seen a dip after it was announced that Curve Finance, the decentralized exchange (DEX) aimed at delivering efficient stablecoin trading, experienced a major exploit due to a vulnerability in the programming language, threatening the safety of over $100 million worth of cryptocurrency.

CRV, the native cryptocurrency of the top decentralized finance Curve Finance exchange, saw a 17% loss on the day and was trading at $0.61, but it is anticipated to see further loss due to the fear the exploit caused the investors, which could trigger liquidations.

The exploit was announced over the weekend, with the DeFi's official X account being the bearer of the bad news.

"A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock. We are assessing the situation and will update the community as things develop," the account revealed.

However, it claimed that "other pools are safe."

The source of the exploit was traced back to Vyper, a third-party programming language for Ethereum smart contracts.

The "pools" Curve Finance was referring to in its post, on the other hand, are Liquidity Pools or smart contracts that hold tokens and have the ability to provide liquidity to crypto markets that do not depend on any financial intermediaries.

Curve Finance has not yet revealed how much was drained from the exchange due to the attack but blockchain auditing firm BlockSec estimated that the total losses could be approximately upwards of $42 million, based on its preliminary analysis.

Moreover, security firm Decurity revealed that NFT lending protocol JPEG'd lost approximately $11 million in crypto as a result of the Curve Finance attack.

"pETH belonging to @JPEGd_69 has just been exploited for 11 million USD with a Curve read only reentrancy," Decurity said in a tweet.

JPEG'd also released an update after Decurity's post on X.

"There was an attack on the pETH-ETH curve pool. The vault contracts allowing to borrow against NFTs are safe and still running solidly. NFTs and the treasury funds are safe. We'll keep everyone updated as soon as we know better what is happening," it noted.

"We've been looking into the issue the moment we were made aware and are assessing the extent of the issue. The issue seems to be related to the curve pool," the NFT lending protocol added.

As of 4:00 a.m. ET on Monday, CRV was trading at $0.6405, with a 24-hour trading volume of $307,103,352. This represents a 12.57% decrease in the last 24 hours

Based on the latest data from CoinMarketCap, CRV's total circulating supply stands at 889,407,415 CRV, but its value has decreased by 11.30% with a market cap of $569,226,395.