Curve Finance pools experienced a reentrancy attack on July 30, resulting in the theft of over $61 million. The attack exposed vulnerabilities in DeFi projects and raised concerns about the broader impact on the ecosystem. Several other DeFi projects were also affected by the attack. The exploit led to one of the largest ever maximal extractable value (MEV) reward blocks. Curve Finance founder Michael Egorov had significant loans backed by the protocol’s native token, CRV, causing concerns about potential liquidation. The CRV token price collapsed but was saved by a centralized exchange price feed. Ethical hackers managed to retrieve some of the stolen funds and returned them to Curve Finance. Curve, Metronome, and Alchemix offered a 10% bug bounty to recover the remaining stolen funds, which the original attacker accepted and began returning. So far, $8.9 million worth of cryptocurrency has been returned.
