Editor's Pick

Curve Finance Rewards Security Researcher $250,000 for Uncovering Critical Vulnerability

Popular decentralized finance (DeFi) protocol Curve Finance has awarded a security researcher $250,000 for discovering a critical vulnerability that has historically enabled hackers to siphon off millions of dollars from cryptocurrency protocols. 

The researcher, known as Marco Croc from Kupia Security, identified a reentrancy vulnerability in Curve Finance and elaborated on the bug’s potential for manipulating balances and withdrawing funds from liquidity pools.

Acknowledging the severity of the vulnerability, Curve Finance conducted a thorough investigation and subsequently granted Marco Croc the maximum bug bounty award

Curve Finance Incentivizes White Hat Hacking


Even though the threat was categorized as “not as dangerous,” the protocol said they recognized the potential panic that could have ensued had a security incident occurred. 

With this reward, Curve Finance aims to incentivize responsible security research and strengthen its defenses against potential exploits.

This development comes in the wake of Curve Finance’s recovery from a $62 million hack in July. 

As part of the protocol’s restoration efforts, it recently voted to reimburse $49.2 million worth of assets to liquidity providers (LPs). 

The disbursement was approved by 94% of tokenholders, covering losses incurred in the Curve, JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET) pools.

Just wanted to emphasize the scale of this. Victims are made whole with this vote with:
– $7.2M worth of ETH recovered by whitehats to the DAO being distributed
– $42M worth of CRV compensating unrecovered parts (vested)
– Other whitehat-recovered funds distributed before vote https://t.co/qmcK9pmTe5

— Curve Finance (@CurveFinance) December 22, 2023

The reimbursement plan involves the use of Curve DAO (CRV) tokens from the community fund. 

It also accounts for tokens recovered since the incident, resulting in a final distribution of 55,544,782.73 CRV. 

The Ethereum (ETH) and CRV amount to be recovered were calculated as 5,919.2226 ETH and 34,733,171.51 CRV, respectively.

The vulnerability exploited by the attacker targeted stable pools and affected specific versions of the Vyper programming language. 

Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper were found to be susceptible to reentrancy attacks, which the attacker leveraged to carry out unauthorized fund withdrawals.

April Records Lowest Crypto Hack Losses


The cryptocurrency industry experienced a major downturn in combined losses from hacks and scams in April.

The month saw the lowest combined losses from crypto-related hacks and scams since 2021, with approximately $25.7 million lost to exploits, hacks, and scams.

More specifically, only $25.7 million was lost in attacks throughout the month, marking the lowest amount since CertiK began tracking such data in 2021.

Flash loan attacks accounted for $129,000 in losses, with the largest incident causing $55,000 in damages. 

This marked the lowest incidence of flash loan attacks since February 2022, and $4.3 million was lost to exit scams.

As reported, the first quarter of this year has seen $336 million lost to Web3 hackers and fraud, with nearly half of the capital stolen in January alone. 

Nonetheless, the number represents a 23% decrease compared to the first quarter of 2023.

It is also worth noting that $73,885,000 has been recovered from stolen Web3 capital in 7 specific situations.

The post Curve Finance Rewards Security Researcher $250,000 for Uncovering Critical Vulnerability appeared first on Cryptonews.

You May Also Like

Editor's Pick

Source: Ark Invest / Instagram ARK Investment Management, led by prominent investor Cathie Wood, has reduced its holdings in the Grayscale Bitcoin Trust (GBTC)...

Latest News

A super PAC that has overseen much of Ron DeSantis’s presidential operation has fired its CEO less than two weeks after the previous chief...

Latest News

WINDHAM, N.H. — It’s pouring rain Saturday morning as New Hampshire Gov. Chris Sununu (R) arrives at Mary Ann’s diner in Windham, fielding calls...

Stock

Popeyes is expanding its menu beyond chicken sandwiches — and it’s a permanent change this time. The fast-food chain announced Wednesday it’s adding five...

Disclaimer: Incomeinnovatorhub.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2024 incomeinnovatorhub.com