
MEV Vulnerabilities Exposed: $2 Million Loss in Curve Pool Hack

Recently, an unknown Miner Extractable Value (MEV) bot fell victim to a hack, resulting in an estimated loss of around $2 million and raising concerns about security in Curve’s pools.

The incident occurred in the Curve pools, a DeFi protocol known for its asset exchange functionality.

The attacker was able to exploit an arbitrage function, 0xf6ebebbb(), which lacked proper authentication, allowing them to manipulate swap operations across multiple pools.

This malicious activity resulted in significant slippage in transactions and led to substantial losses for the affected parties.

The cunning of the attacker became evident when they reversed the operations to maximize their profits, further exacerbating the impact of the incident.


Consequences and Background of Hacking in Curve

The attack resulted in a loss of $2.3 million. The hacker discovered an exposed function in the bot that allowed them to execute a transaction from Wrapped Ether (WETH) to Wrapped Bitcoin (WBTC).

Subsequently, they conducted a flash loan of 27,255 WETH (equivalent to $51.36 million), using this loan to significantly manipulate the price ratio between WETH and WBTC within the Curve pool.

This manipulation destabilized the pool and forced the arbitrage bot to convert 1,339.8 WETH (approximately $2.52 million) into 6.95 WBTC (around $244,000).
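The missing authentication check described above, shown in a toy Python model as an added example; it is not code from the bot or from Curve. The model also adds a minimum-output bound, a standard defence against swapping at a manipulated pool price. The fee-free constant-product pool, the names `Pool`, `Bot`, `arb_swap` and `scenario`, and all figures are assumptions made for illustration.

```python
# Constructed toy model, not the bot's or Curve's code. A fee-free x*y=k pool
# stands in for Curve's real invariant; all names and numbers are illustrative.

class Unauthorized(Exception):
    pass

class SlippageExceeded(Exception):
    pass

class Pool:
    def __init__(self, weth, wbtc):
        self.weth, self.wbtc = float(weth), float(wbtc)

    def quote_wbtc(self, weth_in):
        # Output for a WETH -> WBTC trade that keeps weth * wbtc constant.
        return self.wbtc - (self.weth * self.wbtc) / (self.weth + weth_in)

    def swap_weth_for_wbtc(self, weth_in):
        out = self.quote_wbtc(weth_in)
        self.weth, self.wbtc = self.weth + weth_in, self.wbtc - out
        return out

class Bot:
    def __init__(self, owner, hardened, ref_price, max_slippage=0.01):
        self.owner, self.hardened = owner, hardened
        self.ref_price = ref_price        # WBTC per WETH from a source other than the pool (assumed)
        self.max_slippage = max_slippage

    def arb_swap(self, caller, pool, weth_in):
        if self.hardened:
            if caller != self.owner:      # control 1: only the operator may trigger swaps
                raise Unauthorized(caller)
            min_out = weth_in * self.ref_price * (1 - self.max_slippage)
            if pool.quote_wbtc(weth_in) < min_out:   # control 2: minimum-output bound
                raise SlippageExceeded(min_out)
        return pool.swap_weth_for_wbtc(weth_in)

def scenario(hardened, caller, skewed):
    pool = Pool(weth=10_000, wbtc=500)    # constructed: 0.05 WBTC per WETH
    if skewed:
        pool.swap_weth_for_wbtc(90_000)   # a large trade has pushed the pool price away
    bot = Bot("owner", hardened, ref_price=0.05)
    try:
        return round(bot.arb_swap(caller, pool, 10), 4)
    except (Unauthorized, SlippageExceeded) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    for args in [(False, "stranger", True), (True, "stranger", True),
                 (True, "owner", True), (True, "owner", False)]:
        print(args, "->", scenario(*args))
```

In the unhardened case the bot receives about 0.005 WBTC for 10 WETH against a reference value of 0.5 WBTC; the hardened bot rejects the outside caller, and rejects even its own operator's swap while the pool price is skewed.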

It is important to note that the owner of the MEV bot had already withdrawn funds from the contract before the attack, indicating careful planning by the attacker.

This incident serves as a reminder that while DeFi continues to be a fertile ground for innovation, it is also a space where risks and vulnerabilities can have a significant impact.

Curve’s pools faced multiple attacks in July 2023, resulting in losses of approximately $70 million due to a vulnerability in the Vyper programming language used in Ethereum smart contracts, including those of Curve and other decentralized protocols.

After that attack, ethical hackers and MEV bot operators collaborated to recover some of the lost funds.
