Download Trust Wallet

The Curve Finance Hack: Explained

Published on: Aug 8, 2023
Share post
In Brief

Uncover the details of the Curve Finance Hack and its impact on DeFi. Learn how it unfolded, next steps, and how you can stay safer while exploring Web3.

The Curve Finance Hack: Explained

The Curve Finance hack is one of the most recent hacks in the DeFi ecosystem, which led to an estimated loss of over $50 million in crypto.

In this article, we look at what happened in the Curve Finance hack, share what is next for the company, and explore what this attack would mean for the DeFi industry.

Please note that while the hack has occurred, you can still buy, swap and manage your CRV tokens using Trust Wallet. Remember to always do your own research when it comes to any tokens.


Curve Finance Hack: What Happened?

On July 30, 2023, Curve Finance was hacked by unknown attackers, who reportedly stole over $50 million in cryptocurrency. The Curve Finance team and external auditors are still investigating the incident and are yet to confirm the full stolen amount.

Curve Finance is a decentralized finance protocol that people use to swap stablecoins on Ethereum without intermediaries. The protocol uses liquidity pools where people can combine and lock their assets in a smart contract. These locked assets then support the continuous trade of different digital currencies on the platform by providing liquidity. Those who lock up their assets receive periodic rewards on their assets locked up in the liquidity pools. Therefore, liquidity pools help decentralized exchanges like Curve Finance to operate efficiently.

During the hack, some stablecoin liquidity pools on Curve Finance were attacked and drained due to vulnerabilities in the pools’ coding language. The targeted pools use Vyper, a third-party programming language for smart contracts built on Ethereum. This language had undergone some upgrades in the past, yet some of its older versions, specifically version 0.2.15, were being used by the Curve Finance liquidity pools affected by the hack.

In a tweet initially issued by Curve Finance, the team stated that the hack was attributed to a malfunctioning reentrancy lock. However, the team also mentioned that they were still investigating exactly what happened before and during the hack.

Some of the stable pools affected included Metronome’s msETH/ETH pool, which was, at the time of writing, drained of up to $3.4 million, the Curve DAO drained of around $24.7 million, PEGD’s pETH/ETH pool, drained of $11 million and Alchemix’s alETH/ETH pool which was drained of $22.6 million at the time of writing.

Other than these pools, there were reports of similar attacks carried out on the BNB smart chain, leading to a loss of up to $78,000. The pools impacted by the attack were using the Vyper language, while all the other pools on Curve Finance remain safe.

While the attack is still under investigation, it has had a ripple effect on the price of CRV, Curve Finance’s DAO native token. After the attack, the price dropped by 22.18%, during the week of the attack, from an initial price of $0.73 to $0.56 at the time of writing.


What's Next?

The Curve Finance attack came as a surprise to the platform’s team and the DeFi space at large. However, the team is currently working on identifying and fixing the vulnerability.

One of the ways they are doing this is by advising liquidity pools to update their smart contracts to the current versions of the programming languages used to create them. These updates will help reduce the risk of a similar attack happening on the platform.

Other than the Curve Finance team, other players have helped in mitigating the attack, including white hat hackers. White hat hackers are ethical hackers who try to exploit networks or systems to identify security flaws, then recommend how companies and projects can improve their systems. An example of a white hat hacker who has helped to retrieve funds from the Curve hack is c0ffeebabe.eth. They helped to recover up to $5.4 million (3,000 ETH) of the funds stolen by using a maximal extractable value Ethereum-arbitrage trading bot to front-run the hackers.

Currently, all the people interested in the Curve Finance hack are releasing statements and ‘post-mortems.’ This information will give a full picture of what caused the attack and its effects on Curve Finance.

What Does This Attack Mean for DeFi?

While the most recent attack was centered on Curve Finance, there are bound to be ripple effects on the larger DeFi industry.

The reality is that risks in DeFi remain, which is part of the reason we developed the Trust Wallet Security Scanner. The Security Scanner helps to keep your Web3 experience safer by informing you of any risky transactions while ensuring you still have complete control over your digital assets.


The Curve Finance hack is a significant event in the DeFi space, which has highlighted how vulnerable these new financial protocols can still be, despite DeFi being around for several years now. Even major protocols, such as Curve Finance, can be susceptible to attacks.

As someone who uses or plans to use DeFi protocols, it’s important to stay informed about the latest developments in the DeFi market. You can also take personal steps like using a secure wallet like Trust Wallet to ensure a better experience and protect your funds.

Lastly, remember to do your own research on any current or upcoming projects or platforms before investing in or deploying capital in them.

Download Trust Wallet today to leverage its unique security features on your phone or browser to safeguard your funds while you are exploring the brave new world of Web3.

Join the Trust Wallet community on Telegram Follow us on Twitter Instagram Facebook Reddit

Note: Any cited numbers, figures, or illustrations are reported at the time of writing, and are subject to change.

Simple and convenient
to use, seamless to explore

Download Trust Wallet