News - This is how dangerous it can now become for the DeFi sector
The latest exploit of a software vulnerability at Curve Finance could turn into a bloodbath in the DeFi industry. Here's what you need to know now.
Overnight, the popular stablecoin DEX Curve Finance turned from a rock into a ticking time bomb for the rest of the industry. The reason: an exploit of the smart contract software Vyper, which has so far caused a good US$100 million in damage on the platform. Curve The financial sector acts as the core of the economy and has currently caused a domino effect. The true extent of the attack is only now being revealed.
More than $45 million flowed from liquidity pools of some external providers, and another $25 million directly from Curve Protocol's CRV/ETH pool. The DeFi giant risks running out of liquidity. Volatility follows lack of liquidity. Some decentralized exchanges are already showing a huge drop in the CRV price. On centralized exchanges, the price drop is more moderate, although there too it has fallen by double digits.
Meanwhile, several million Curve tokens are still in the hands of the attackers, so the danger of further sales is not yet over. Curve founder Michael Egorov's loan positions pose a major risk in this context. With $180 million in CRV as collateral, he currently counts loans worth $60 million. Massive repayments on his part should prevent a liquidation of his assets. However, if CRV's share price falls far below US$0.40, the lights will go out for him.
1/4
— Adam Cochran (adamscochran.eth) (@adamscochran) July 30, 2023
Mich has 3 days or less to start bulk paying down this loan of $20M (assuming price is stable)
If it liquidates next goes another $20M on inverse + $40M on Abracadabra, which will tip the Aave position ($180M).
He only has like $3M in free assets atm. https://t.co/GGMU2Zxpi6 pic.twitter.com/sfwjVGjJle
Egorov's race against the clock is causing other lending protocols to panic. The existing liquidity on mainstream platforms seems insufficient to absorb Egorov's sales. Especially on Aave, traders are fleeing to stablecoins, causing lending rates to skyrocket. Those who want to borrow USDT, USDC or DAI are therefore in some cases paying interest rates up to 93 percent. This in turn puts pressure on Egorov's positions and accelerates his liquidation. If the lending protocols stay on his debts, they will have to sell assets from their own insurance funds, which would increase the downward pressure of the respective tokens. At worst, they face insolvency.
On the very weekend of Ethereum's eighth anniversary, the otherwise robust DeFi sector is facing a chain reaction unprecedented since the collapse of Terra. The liquidity of numerous protocols is in danger of evaporating in record time. Curve alone saw its total value drop 50 percent within 24 hours. Traders are withdrawing their funds for fear of a collapse or further attacks.
Even the Curve team is asking DeFi users to leave affected liquidity pools until the situation is under control. Officials say the attack was limited to just four Curve pools on Ethereum. However, the platform is also at home on its layer 2 solution Arbitrum, among others. According to new information, the "Tricrypto" pool, consisting of ETH, wBTC and USDC, was also affected. However, this has not yet been confirmed.
If no other liquidity pools are affected, the situation could stabilize again. According to the Curve team, several million U.S. dollars are in the hands of attackers with good intentions - so-called "white-hat hackers." As a result, some of the stolen goods could be recovered. Also, some blockchain bots could intercept large amounts of CRV tokens from attackers.
But the risk of contagion continues to weigh heavily. Frax, Aave and co. are still on alert, while platforms such as Alchemix have already suspended their smart contracts. Users are therefore advised not to interact with decentralized lending platforms in the coming days. Meanwhile, the DeFi sector continues to hold its breath.