A glance at the funding movements of key interest groups in the "Curve event"

On July 30, the Curve stablecoin pool alETH/msETH/pETH was attacked due to a recursive lock vulnerability that failed in some versions of Vyper (0.2.15, 0.2.16, and 0.3.0). Affected by the attacks on some of Curve’s stablecoin pools, Alchemix, JPEG’d, Metronome, deBridge, and Ellipsis currently have a cumulative loss of approximately $70 million:

• Alchemix: 7259 ETH and 4821 alETH (~$22 million);
• JPEG’d: 6106 ETH (about 11.4 million USD);
• Metronome: 866.554 ETH (about $1.6 million), 955 smETH (about $1.7 million);
• CRV-ETH pool: 10,500 ETH (approximately US$19.4 million), 7.19 million CRV (approximately US$4.4 million).

Affected by the attack, the price of CRV fell, and the founder’s loan faced the risk of liquidation

Affected by the attack, on July 31, the total lock-up volume (TVL) of Curve Finance dropped from $3.266 billion on July 30 to $1.869 billion, a 24-hour drop of 42.78%, and CRV prices fell by 14.89% in 24 hours .

The falling price of CRV forced Curve founder Michael Egorov to face the liquidation risk of his $70 million borrowing position on Aave. In view of this, Egorov sold CRV through OTC in exchange for funds to repay the loan.

Since the OTC sale started on August 1, as of August 6, Egorov has sold 142.65 million CRVs to 30 investors/institutions in exchange for USD 57.06 million.

As of August 6, Egorov still mortgaged 269.8 million CRV (approximately US$166 million) on four platforms, with a debt scale of approximately US$48.7 million.

Attacker returns funds

On July 30, the exploiter coffeebabe.eth returned 786 ETH ($1.45 million) and 955 smETH ($1.74 million) to Metronome, and 2,879 ETH ($5.36 million) to Curve Finance;

On August 3rd, the Curve Foundation sent an on-chain message to the exploiter offering to receive 10% of the stolen funds as a bounty if the attacker returns the remaining 90% by August 6th at 8AM (UTC) ;

On August 4th, the attacker 0x6ec returned 5495 WETH ($10 million) to JPEG’d and kept 610 ETH ($1.1 million) as a 10% bounty; the attacker 0xdce returned 2258 ETH ($415 million USD) and 48.20 alteth (8.82 million USD);

On August 5, 0xdce returned 4,999 ETH ($9.18 million) to AlchemixFi, all of which have been returned;

On August 6th, 32% of the stolen assets (approximately $18.7 million) had not yet been returned:

• 80 ETH ($14,700) from MetronomeDAO (custodial at coffeebabe.eth);
• 7681 ETH ($14.4 million) and 7.19 million CRV ($4.43 million) from the CRV-ETH pool.

As of press time, of the $59.5 million stolen in the Curve Finance Vyper exploit, about $40.3 million has been returned, $560,000 was given as a bounty to the hacker, and about $18.7 million has yet to be returned by the CRV/ETH exploiter (0xb752 …b324).

On August 7th, Curve Finance tweeted that the deadline for CRV/ETH vulnerability attackers to voluntarily return funds has passed, and a bounty will be provided for anyone who provides information that leads to the arrest and conviction of hackers (currently $1.85 million) ).

![Overview of the funding movements of key interest groups in the “Curve Incident”] (https://img-cdn.gateio.im/resized-social/moments-7f230462a9-0f1e9b4cc0-dd1a6f-1c6801) In addition, Odaily Planet Daily specially reminds, Recently, there have been some accounts pretending to be official Curve on X (that is, Twitter). Fraudulent accounts are often marked with blue or yellow marks, and precautions should be taken.