The exploit saga continues as Curve Finance warns users and asks to withdraw funds from its tricrypto liquidity pool which consist of USDT, WBTC and ETH.
Although there is no way to drain funds from this pool but just in case the hacker outsmarts, Curve said in the post. The leading DeFi protocol is being cautious following the uncertainty around Vyper’s code dependency.
Curve previously said that in result of Vyper’s compiler issues, its four pools were infected including CRV/ETH, msETH/ETH, pETH/ETH and alETH/ETH. However, as the exploit arised from uncertain situations and based on issues with Vyper, it might affect other smart contracts as well if they are based on the Vyper.
“A number of stablepools (alETH/msETH/pETH) using Vyper 0.2.15 have been exploited as a result of a malfunctioning reentrancy lock,” Curve said while confirming the exploit. “We are assessing the situation and will update the community as things develop. Other pools are safe.”
Although it comes to attention that an ethical hacker c0ffeebabe.eth has seized and returned 2,879 ETH to Curve Finance. The total exploit amount accounts for approximately $47 million.
Also Read: Critical Vyper Vulnerability Exposes DeFi Ecosystem
