The community at Curve Finance has agreed to pay liquidity providers who lost money in a hack that happened in July and cost them $61 million.
With over 94% of tokenholders voting in favor of this choice on December 21, over $49.2 million worth of tokens will be given out to make up for the losses in the Curve (CRV), JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET) pools.
Several things are taken into account when figuring out the compensation. This includes the amount of Ether and CRV tokens that were in the pools before the hack, as well as the CRV releases that liquidity providers missed over the next few months. The official plan from Curve says that the Curve DAO (Decentralized Autonomous Organization) will give the CRV tokens that are needed for the reimbursement. The final number also takes into account the tokens that were found after the event.
It said in the plan, “The total ETH to recover was calculated to be 5919.2226 ETH, the CRV to recover was calculated to be 34,733,171.51 CRV, and the total to distribute was calculated to be 55’544’782.73 CRV.”
Just wanted to emphasize the scale of this. Victims are made whole with this vote with:
— Curve Finance (@CurveFinance) December 22, 2023
– $7.2M worth of ETH recovered by whitehats to the DAO being distributed
– $42M worth of CRV compensating unrecovered parts (vested)
– Other whitehat-recovered funds distributed before vote https://t.co/qmcK9pmTe5
The July 30 hack was a big test for a number of DeFi protocols, which made people worry about the effects on the cryptocurrency economy as a whole. At that time, Curve’s total value locked (TVL) was close to $4 billion. This meant that pools like alETH/ETH, pETH/ETH, msETH/ETH, and CRV/ETH were all affected.
Even though efforts were made to get back the stolen money and were either fully or partly successful, the pools that were affected still fell short because of what the MEV (Maximal Extractable Value) bots did. Curve’s plan is meant to fix these gaps and fully compensate the liquidity providers who were hurt.
The breach took advantage of a flaw in the computer language Vyper, which is often used in DeFi protocols because it works well with the Ethereum Virtual Machine. It was found that versions 0.2.15, 0.2.16, and 0.3.0 of Vyper were vulnerable to reentrancy attacks because of the bug.
Curve’s community’s choice is a big step toward fixing the problems caused by the hack and building trust among people in the DeFi ecosystem.
ALSO READ
- Curve Finance Hack Victims to Receive $62M Reimbursement
- Alchemix Returns All Stolen Funds from Curve Pools
- Celsius restores partial withdrawals for eligible crypto holders