CURVE FINANCE COMMUNITY VOTES FOR $49.2 MILLION HACK REIMBURSEMENT

In a significant development for the decentralized finance (DeFi) space, the community behind Curve Finance has voted to reimburse liquidity providers (LPs) who suffered losses during a $61 million hack in July. The decision, reached on December 21, saw an overwhelming 94% approval from token holders.

Reimbursement approved for hack victims

On-chain data confirms that the majority of Curve Finance’s community members have approved the disbursement of tokens worth more than $49.2 million to compensate for the losses incurred by liquidity providers in various pools, including Curve, JPEGd, Alchemix, and Metronome.

This reimbursement considers the value of Ether (ETH) and CRV tokens present in these pools before the hack and the missed CRV emissions that would have been distributed to LPs over the past months.

According to the proposal put forward by Curve Finance, the community fund will provide the Curve DAO (CRV) tokens needed for the reimbursement. It’s worth noting that the final amount to be distributed also considers any tokens recovered since the hacking incident.

The proposal states, “The overall ETH to recover was calculated as 5919.2226 ETH, the CRV to recover was calculated as 34,733,171.51 CRV, and the total to distribute was calculated as 55’544’782.73 CRV.”

uly hack shakes DeFi ecosystem

The security breach occurred on July 30 and significantly impacted the DeFi ecosystem. It exposed several DeFi protocols to a stress test in the following days due to concerns over the exploit’s potential impact on the broader crypto market. At the time of the hack, Curve Finance had nearly $4 billion in total value locked (TVL).

The affected pools included alETH/ETH, pETH/ETH, msETH/ETH, and CRV/ETH. While some of the stolen funds were recovered fully or partially, the exploit left all affected pools shortfall. Curve Finance’s proposal addresses this issue by making the affected liquidity providers whole again.

The attacker exploited a vulnerability in stable pools, specifically targeting versions of the Vyper programming language. This is a popular choice for DeFi protocols due to its design for the Ethereum Virtual Machine (EVM). The vulnerability made Vyper’s 0.2.15, 0.2.16, and 0.3.0 versions susceptible to reentrancy attacks.

Community support and resolution

The overwhelming support from Curve Finance’s community to reimburse liquidity providers highlights the strength and resilience of the DeFi ecosystem. In a decentralized world where community governance plays a crucial role, decisions like these are made collectively and reflect the commitment to fairness and security.

Just wanted to emphasize the scale of this. Victims are made whole with this vote with:
– $7.2M worth of ETH recovered by whitehats to the DAO being distributed
– $42M worth of CRV compensating unrecovered parts (vested)
– Other whitehat-recovered funds distributed before vote
— Curve Finance (@CurveFinance)

The resolution addresses the immediate losses from liquidity providers and underscores the importance of ongoing security and vulnerability assessments within the DeFi space. As the ecosystem continues to grow and evolve, maintaining robust security measures is paramount to prevent similar incidents in the future.

Implications for DeFi and Beyond

The July hack and subsequent reimbursement decision hold significant implications for the broader DeFi industry. It serves as a reminder of the evolving threat landscape in the decentralized finance space and the need for constant vigilance.

Furthermore, reimbursing hack victims may set a precedent for how DeFi communities handle similar incidents. It reinforces the notion that DeFi protocols should prioritize the protection of their users and the integrity of their platforms.