Crypto exchange Upbit suspends CRV deposits and withdrawals amid Curve Finance exploit

Security • July 31, 2023, 2:36AM EDT
Published 1 minute earlier on
The Block

Quick Take

  • South Korean crypto exchange Upbit has suspended deposits and withdrawals for Curve Finance’s CRV token.
  • Curve is experiencing a slew of issues following a reentrancy vulnerability in specific Vyper compiler versions.

South Korean crypto exchange Upbit has suspended deposits and withdrawals for Curve Finance's token, CRV.

"Today, certain vulnerabilities have been discovered in some of the stablecoin pools associated with Curve (CRV)," the exchange's announcement reads. It added, "As a result, CRV is currently experiencing significant volatility. We advise exercising caution when considering any investments related to CRV."

DeFi platform Curve Finance faced a reentrancy vulnerability — a security flaw that allows for the potential draining of funds from uninterrupted contract calls — yesterday and into today. Significant outflows were linked to interactions exploiting the reentrancy vulnerability in specific Vyper compiler versions.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy
"Vyper versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to malfunctioning reentrancy locks," Vyper tweeted. "The investigation is ongoing but any project relying on these versions should immediately reach out to us."

Additionally, millions of CRV tokens were stolen minutes before a white hat rescue mission to safeguard the funds.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Adam is the managing editor for Europe, the Middle East and Africa. He is based in central Europe and was a managing editor and podcast host at the crypto exchange OKX's former research arm, OKX Insights. Before that, he co-founded BeInCrypto.com, which he elevated into one of the leading crypto media brands at its peak as the editor-in-chief. Earlier, he served as the editor-in-chief at Bitcoinist.com. Before joining the blockchain and crypto industry, he worked for Looper.com, Grunge.com and SVG.com. He tweets via @XBT002 and can be emailed at [email protected].

Editor

To contact the editor of this story:
Ryan Weeks at
[email protected]

More by Adam James