Odaily News: JPEG'd tweeted that the pETH-ETH curve pool has been attacked, and other NFT and treasury assets are at risk. However, the JPEG'd contract itself has not been hacked and remains secure.

Odaily News: Ethereum programming language Vyper has announced that versions 0.2.15, 0.2.16, and 0.3.0 have a recursive lock vulnerability. An investigation is currently underway, but any projects using these versions should contact us immediately. Official response from Curve: Due to the vulnerability in Vyper 0.2.15, certain stablecoin pools (alETH/msETH/pETH) have been attacked. We are assessing the situation and will release updates to the community as the situation develops. Other pools are safe.

Odaily News According to Pudao monitoring, as of now, DeFi lending protocol Alchemix, DeFi public product JPEG'd, DeFi synthetic asset protocol Metronome, cross-chain bridge deBridge, BNB Chain DEX Ellipsis using the Curve mechanism, and Curve CRV/ETH pool have been attacked, resulting in a loss of approximately $52 million. According to previous reports, Vyper, the Ethereum programming language, issued a statement stating that versions 0.2.15, 0.2.16, and 0.3.0 have a recursive lock vulnerability. An investigation is currently underway, but any project using these versions should contact us immediately. Curve's official response stated that due to the vulnerability in Vyper 0.2.15, some stablecoin pools (alETH/msETH/pETH) have been attacked. We are assessing the situation and will provide updates to the community as the situation develops. Other pools are secure. Curve contributor Banteg stated that the CRV/ETH pool was emptied minutes before the white hat hackers began rescuing it. This is part of a series of attacks that have occurred, and it is currently estimated that 7 million CRV tokens and $14 million worth of WETH have been stolen from the CRV/ETH pool on Curve.

Odaily News: DeFi lending protocol Alchemix tweeted that on July 30th, Curve Finance notified Alchemix of a potential attack on its alETH/ETH pool due to a vulnerability in Vyper. Alchemix took immediate action and removed the liquidity controlled by AMO from the Curve pool through the AMO contract. The vulnerability was in the Curve pool contract itself. Alchemix smart contracts were not attacked, and funds are safe. Alchemix needs to perform three operations: 1. Unstaking LP tokens from Convex; 2. Withdrawing alETH from the Curve pool; 3. Withdrawing ETH from the Curve pool. The first and second operations have already been executed, unstaking LP tokens from Convex and removing 8000 alETH from the Curve pool. This means that there are still approximately 5000 ETH liquidity controlled by AMO in the Curve pool. During the process of removing the remaining liquidity, the alETH/ETH Curve pool was attacked by an attacker. Currently, there is a loss of approximately 5000 ETH from the alETH reserves. For users, funds in the Alchemix treasury are safe, and all Alchemix contracts are unaffected. Providing liquidity in the alETH/ETH Curve pool is unsafe. Providing liquidity for alETH elsewhere is technically safe, but attackers may exploit this liquidity by selling alETH for ETH. The fair price of alETH is currently unknown, and any users holding alETH or providing liquidity for alETH face this uncertainty. Alchemix recommends that LPs providing liquidity in the alETH pool on decentralized exchange Saddle Finance and the frxETH pool on Curve withdraw their liquidity as soon as possible. According to previous reports, Curve stablecoin pools alETH/msETH/pETH were attacked due to a recursive lock vulnerability in certain versions (0.2.15, 0.2.16, and 0.3.0) of Vyper. According to PeckShield monitoring, as of now, DeFi lending protocol Alchemix, DeFi public product JPEG'D, DeFi synthetic asset protocol Metronome, cross-chain bridge deBridge, BNB Chain DEX Ellipsis using Curve mechanism, and Curve CRV/ETH pool have been attacked, resulting in approximately $52 million in losses.

Odaily News: DeFi synthetic asset protocol Metronome has announced that as a precautionary measure, the functionality of the Metronome mainnet has been temporarily suspended in order to minimize damage and investigate the best course of action going forward. Metronome has revealed that a vulnerability involving multiple Curve pools has been exploited, leading to an attack on the msETH-ETH pool, resulting in the theft of funds from the pool. Liquidity providers for any msUSD trading pairs and users utilizing msETH on Optimism on Velodrome should take note that their positions are not affected. Furthermore, all deposits and open positions in Metronome are unaffected by this incident. As previously reported, the Curve stablecoin pool comprising alETH/msETH/pETH was attacked due to a recursive locking vulnerability in certain versions (0.2.15, 0.2.16, and 0.3.0) of Vyper. According to PeckShield monitoring, as of now, DeFi lending protocol Alchemix, DeFi public product JPEG'd, DeFi synthetic asset protocol Metronome, cross-chain bridge deBridge, BNB Chain's DEX Ellipsis utilizing the Curve mechanism, and the Curve CRV-ETH trading pair have all been attacked, resulting in an estimated loss of approximately $52 million.

Odaily News: According to DefiLlama data, due to the impact of the attack, the Total Value Locked (TVL) of Curve Finance has decreased from $3.266 billion on July 30th to the current $1.869 billion, with a 24-hour decrease of 42.78%. According to OKX market data, CRV is currently trading at $0.6260 USDT, with a 24-hour decrease of 14.89%. As previously reported, Curve stablecoin pool alETH/msETH/pETH has been attacked due to a recursive lock vulnerability in certain versions of Vyper (0.2.15, 0.2.16, and 0.3.0). According to PeckShield monitoring, as of now, DeFi lending protocol Alchemix, DeFi public product JPEG'd, DeFi synthetic asset protocol Metronome, cross-chain bridge deBridge, BNB Chain DEX Ellipsis using the Curve mechanism, and Curve CRV-ETH trading pair have been attacked, resulting in a loss of approximately $52 million.

Odaily News: According to Puddle Shield monitoring, the MEV robot c0ffeebabe.eth has returned 2879 ETH (approximately $5.4 million) to the Curve.fi: Deployer address. According to previous reports, Vyper, the Ethereum programming language, issued a notice stating that there is a recursive lock vulnerability in versions 0.2.15, 0.2.16, and 0.3.0 of Vyper. An investigation is currently underway, but any projects using these versions should contact us immediately. Curve's official response: Due to a vulnerability in Vyper 0.2.15, some stablecoin pools (alETH/msETH/pETH) have been attacked. We are assessing the situation and will provide updates to the community as the situation develops. Other pools are secure.

Odaily News: Ellipsis Finance tweeted that a few BNB stablecoin pools using the old version of Vyper compiler were attacked. The situation is currently being assessed, and the community will be informed of further developments. According to previous reports, the alETH/msETH/pETH stablecoin pools on Curve were attacked due to a recursive lock vulnerability in certain versions of Vyper (0.2.15, 0.2.16, and 0.3.0). According to the monitoring by PDS, as of now, the DeFi lending protocol Alchemix, the DeFi public product JPEG'd, the DeFi synthetic asset protocol Metronome, the cross-chain bridge deBridge, the BNB Chain DEX Ellipsis utilizing the Curve mechanism, and the Curve CRV-ETH trading pair have been attacked, resulting in approximately $52 million in losses.

Odaily news. The downward trend in CRV prices due to the attack may force the founder of Curve to liquidate their $70 million loan position on Aave (CoinDesk). According to previous reports, the alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH pools on Curve were attacked due to a recursive lock vulnerability in certain versions of Vyper (0.2.15, 0.2.16, and 0.3.0). According to DefiLlama data, the total value locked (TVL) in Curve Finance has dropped from $3.266 billion on July 30th to the current $1.869 billion, with a 24-hour decrease of 42.78%. CRV is currently trading at $0.6260 USDT, with a 24-hour decrease of 14.89% according to the OKX market.

Odaily News: According to the data on the Curve Finance official website, alETH and pETH have experienced varying degrees of negative premium due to the recent attack incident. The exchange rate for alETH/ETH is 1:0.77421, and for pETH/ETH it is 1:0.45138.

Odaily News: The Chief Information Security Officer of SlowMist, 23pds, tweeted that the recommended version in the official Vyper documentation is actually incorrect. According to previous reports, Vyper, the programming language for Ethereum, announced that versions 0.2.15, 0.2.16, and 0.3.0 have a vulnerability in recursive locks that causes the functionality to fail. An investigation is currently underway, but any projects using these versions should immediately contact us. In response, Curve officials stated that due to the vulnerability in Vyper 0.2.15, some stablecoin pools (alETH/msETH/pETH) have been attacked. We are assessing the situation and will provide updates to the community as the situation develops. Other pools are secure.

Odaily News: On-chain data shows that the founder of Curve deposited 16 million CRV into Aave V2 and Abracadabra about 5 hours ago, aiming to improve its lending health metric. About 6 hours ago, he borrowed approximately 3.76 million FRAX from Fraxlend and used it to repay the loan on Aave V2. Subsequently, he gradually repaid a total of over 4.623 million USDT loans on Aave V2. According to previous reports, the alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH pools on Curve were attacked due to a recursive lock vulnerability in certain versions of Vyper (0.2.15, 0.2.16, and 0.3.0). The impact of the attack may lead to a downward price trend for CRV, potentially resulting in the liquidation of the founder's $70 million loan position on Aave.

Odaily News: According to DEX Screener data, CRV experienced significant price fluctuations on multiple DEXs in the early morning today. Between 3:05 and 3:15, the instantaneous price of the CRV/WETH trading pair on Uniswap may have approached zero due to liquidity reasons, followed by a rapid rebound.

Odaily News: @tayvano_ tweeted that Alchemix, JPEG'd, Metronome, deBridge, and Ellipsis have collectively lost approximately $70 million due to the Curve stablecoin pool attack. Specifically, Alchemix (non-white hat operation) suffered a loss of $20 million, including $13 million in ETH and $7 million in ERC-20 tokens. The CRV/ETH exchange pool lost $18 million. JPEG'd front-runner gained $12 million. Alchemix (white hat operation) suffered a loss of $12 million. Metronome lost $1.6 million, with the CRV pool front-runner gaining $5.3 million. Ellipsis lost $70,000. As previously reported, the alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH pools on Curve were attacked due to a recursive lock vulnerability in certain versions of Vyper (0.2.15, 0.2.16, and 0.3.0). According to ShieldDAO monitoring, the DeFi lending protocol Alchemix, the DeFi public product JPEG'd, the DeFi synthetic asset protocol Metronome, the cross-chain bridge deBridge, the Ellipsis DEX on BNB Chain using the Curve mechanism, and the Curve CRV/ETH pool have been attacked, resulting in a loss of approximately $52 million. Subsequently, the MEV robot c0ffeebabe.eth returned 2879 ETH (approximately $5.4 million) to the Curve.fi Deployer address.

Odaily News: Encryption researcher 0xLoki tweeted that Curve founder Michael Egorov currently has collateralized 292 million CRV tokens ($181 million) and borrowed $110 million worth of tokens. The details of the four major loans are as follows: 1. Collateralized 190 million CRV on Aave, borrowed $65 million, liquidation price $0.37. 2. Collateralized 46 million CRV on FRAXlend, borrowed 21 million FRAX, liquidation price $0.4. 3. Deposited 40 million CRV on Abracadabr, borrowed $18 million, liquidation price $0.39. 4. Deposited 16 million CRV on Inverse, borrowed $7 million, liquidation price $0.4. Egorov's recent actions in the past 6 hours: 1) Deposited an additional collateral of around 10 million CRV on Aave and Abracadabra each. 2) Made several loan repayments in the range of several hundred thousand dollars.

The address (starting with 0xbab) responsible for deploying Curve sent a message on-chain to the address (starting with 0xb75) of the attacker in the CRV/ETH pool, seeking communication. Subsequently, the address starting with 0xb75 transferred all the profits in ETH, CRV, and WETH to a new address (starting with 0xb1c33). According to on-chain data, the attacker's address starting with 0xb1c33 currently holds 7,193,402 CRV (approximately $4.48 million), over 7,680.4937 WETH (approximately $14.38 million), 35.2678 ETH, and 18 WPLS.

Odaily News: DeFi protocol StaFi has tweeted that the rETH/ETH and rETH/frxETH pools on Curve are not affected by the Curve incident. These pools do not rely on the vulnerable versions of the Vyper contract, so user funds are safe. As previously reported, the alETH/ETH, msETH/ETH, pETH/ETH, and CRV/ETH pools on Curve were attacked due to a recursive lock vulnerability in certain versions of Vyper (0.2.15, 0.2.16, and 0.3.0).

Odaily News: Curve has tweeted that the Arbitrum Tricrypto pool may be affected. Auditors and Vyper developers have not yet identified any exploitable vulnerabilities, but they advise users to withdraw their funds from the affected pools, which currently include CRV/ETH, alETH/ETH, msETH/ETH, and pETH/ETH.

Odaily News Lens Protocol founder Stani commented on the Curve incident: "Although DeFi is open to everyone, it is difficult and risky to build a resilient DeFi system. In the Curve incident, they did a great job at the protocol level, but the issue with Vyper compilation resulted in DeFi risks affecting the entire system, including the underlying stack and EVM. The damage caused by this incident is limited, and the Curve community was able to handle it. Many attacks were preemptive, but MEV bots also returned some of the funds from the attack to Curve. The most important point is that DeFi empowers the public with information transparency, but it is also susceptible to misinformation, causing unnecessary panic about loss amounts and impacted protocols." Stani concluded by stating that the community needs to find the right way to share accurate information and reduce any unnecessary FUD (Fear, Uncertainty, and Doubt).

Odaily News: Curve Finance tweeted that it has canceled the voting incentives for WETH+CRV and arbi-USDT+WBTC+WETH pools. The first pool has been exploited, and the second pool poses security risks.

Odaily News: According to OKX market data, CRV has briefly dropped below 0.5 USDT, with a 24-hour decline of 18%.

Odaily News: Delphi Digital tweeted that Curve founder Michael Egorov has pledged 59 million CRV, worth 158 million FRAX debt on Frax Finance. Although this position is much smaller than his position on Aave, the time-weighted variable interest rate on Fraxlend poses greater risks to CRV. Delphi Digital stated that with the current 100% utilization rate, the interest rate will double every 12 hours. The current interest rate is 81.20%, and it is expected to increase to close to the maximum value of 10000% APY in just 3.5 days. Regardless of the CRV price, this extremely high interest rate will eventually lead to Egorov's liquidation. Such a large risk position, considering the existing low liquidity, poses a serious threat to the price of CRV, with on-chain liquidity value of approximately 10 million USD and Binance's 2% depth of 370,000 USD. When the liquidation threshold reaches 55%, the position will be liquidated at 0.3767 USDT.

Odaily News According to Twitter user 0xFengwuxiang's statistics, the liquidation price of CRV on various lending platforms is 0.38-0.4 USDT. The largest position is 304 million CRV on Aave, with a liquidation price of 0.38 USDT. The fastest expected liquidation is 59.1 million CRV on Fraxlend.

Odaily News According to the monitoring of Paishield, Sun Yuchen has withdrawn 52.5 million stablecoins from Aave, including approximately 40.7 million USDT and 11.7 million USDC.

Odaily News: On-chain data shows that Michael Egorov, the founder of Curve, has exchanged 1 million USDT for FRAX and repaid a 1 million FRAX debt, withdrawing 2.5 million CRV tokens.

Odaily News: OKX data shows that CRV has rebounded to 0.56 USDT in a short period of time, with a 16.6% increase from its lowest point of 0.48 USDT and a 6.5% increase in the past five minutes. This increase may be influenced by the repayment of a portion of FRAX debt by Michael Egorov.

Odaily News: According to on-chain data, the founder of Curve has once again repaid 1.13 million FRAX debts and withdrew 2.5 million CRV. The total repayment of FRAX now stands at 2.13 million coins.

Odaily News: The founder of Curve has once again transferred 1 million USDT to repay a debt of 1 million FRAX, making the total repayment of FRAX 4.13 million thus far. A total of 10 million CRV has been withdrawn to the same empty wallet, suspected to be used for over-the-counter (OTC) trading. Based on the transfer of 4 million USDT, the corresponding price is 0.4 USDT, while the current market price of CRV is 0.58 USDT.

Odaily News: Curve founder Michael Egorov accumulated a total of 5.13 million FRAX tokens in the past two hours, bringing the debt balance of Fraxlend down to 12.16 million FRAX tokens. The total debt balance is approximately $101 million.

Odaily News: On-chain data shows that Sun Yuchen transferred 2 million USDT to the address of Curve founder. Michael Egorov made another repayment operation, with a total of 7.13 million FRAX repaid in the past two hours.

Odaily News: Today, the founder of Curve, for the first time, began to repay the Abracadabra protocol and has repaid 1.01 million MIM. Previously, the repayments were made exclusively for Fraxlend.

Odaily News: Former CFO of Frog Nation, 0xsifu, tweeted that today Curve founder Michael Egorov's CRV sold through OTC has a six-month lock-up period. It is reported that Michael Egorov has transferred 22.5 million CRV externally today.

Odaily News According to Lookonchain monitoring, the founder of Curve sold 4.25 million CRV to DCF GOD through OTC at an average price of 0.4 USDT. So far, a total of 29.25 million CRV has been sold through OTC.

According to data from on-chain analytics company Lookonchain, Curve Finance founder Michael Egorov has sold 72 million CRV tokens in a series of significant over-the-counter transactions to 15 entities for $28 million. This finding is confirmed by the Dune Analytics dashboard from Spotonchain and data from Nansen analyst Sandra Leow. Egorov's selling behavior aligns with the difficult period faced by CRV tokens. Over the past month, its value has dropped by 22%, which is a result of several exploit attacks on the platform's multiple factory pools. Currently, the trading price of CRV tokens is $0.58. Market analysts believe that Egorov's decision to sell CRV tokens is aimed at proactively reducing his debt on the DeFi platform, thereby avoiding potential liquidation risks associated with his significant loan positions. Lookonchain stated, "Curve Finance founder Michael Egorov sold a total of 72 million CRV tokens to 15 institutions/investors in over-the-counter transactions at a price of $0.40 each, receiving $28.8 million to repay the debt." (The Block)

Odaily News: According to the analysis by online analyst Yu Jin, 3 hours ago, the founder of Curve sold 34.025 million CRV to four investors/institutions: - 25 million CRV sold to Wintermute (could also be investors/institutions who entrusted Wintermute to purchase); - 6.25 million CRV sold to Gnosis Chain; - 2.5 million CRV sold to Reserve; - 275 thousand CRV sold to Llanero.