Security • July 31, 2023, 2:36AM EDT
Published 1 minute earlier on

Crypto exchange Upbit suspends CRV deposits and withdrawals amid Curve Finance exploit

Read the non-AMP story on Theblock.co
The Block

Quick Take

  • South Korean crypto exchange Upbit has suspended deposits and withdrawals for Curve Finance’s CRV token.
  • Curve is experiencing a slew of issues following a reentrancy vulnerability in specific Vyper compiler versions.

South Korean crypto exchange Upbit has suspended deposits and withdrawals for Curve Finance's token, CRV.

"Today, certain vulnerabilities have been discovered in some of the stablecoin pools associated with Curve (CRV)," the exchange's announcement reads. It added, "As a result, CRV is currently experiencing significant volatility. We advise exercising caution when considering any investments related to CRV."

DeFi platform Curve Finance faced a reentrancy vulnerability — a security flaw that allows for the potential draining of funds from uninterrupted contract calls — yesterday and into today. Significant outflows were linked to interactions exploiting the reentrancy vulnerability in specific Vyper compiler versions.

"Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks," Vyper tweeted. "The investigation is ongoing but any project relying on these versions should immediately reach out to us."

Additionally, millions of CRV tokens were stolen minutes before a white hat rescue mission to safeguard the funds.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.