Curve Finance Exploit: A tale of Vyper vulnerabilities, Australian mansions and repercussions on the DeFi ecosystem

In the ever-evolving landscape of DeFi, Curve Finance has established itself as a cornerstone project, offering a critical infrastructure for stablecoins and stablepair trading. As an OG DeFi player and the second largest decentralized exchange (DEX), Curve’s significance in the DeFi ecosystem cannot be underestimated. However, last weekend’s events have cast a dark shadow on the platform, raising concerns for VCs, traders, and DeFi enthusiasts alike. In this article, we delve into the timeline of events surrounding the recent exploit, the impact on the platform’s governance token (CRV), and the founder’s financial entanglements that have sent shockwaves through the DeFi world.

The Exploit: A Vulnerability Unleashed

On July 30 Curve Finance fell victim to an exploit. The exploit, triggered by a Vyper programming language vulnerability, allowed hackers to drain ETH-pegged assets from select pools. Subsequently, these ill-gotten assets were exchanged for real ETH on projects issuing the pegged assets. Notably, the exploit impacted protocols such as Jpeg, Alchemix, and Metronome Dao, leading to a total of ~$27M losses and a ripple effect across the DeFi landscape.

CRV’s Dramatic Plunge

As news of the exploit spread, the governance token of Curve Finance, CRV, experienced a sharp decline in value. Investors, traders, and DeFi participants found themselves grappling with uncertainties, questioning the long-term stability of the platform and its implications for the broader DeFi sector.

The Founder’s Financial Predicament

Adding to the turmoil was the revelation of the founder’s financial entanglements. Michael Egorov, the founder of Curve, who holds over 50% of $CRV’s circulating supply (~$300M), staked a large amount of $CRV across multiple lending protocols as a collateral to borrow substantial stablecoins.

These stablecoins were allegedly utilized to purchase two lavish mansions worth over 40 million USD in Australia (source: The Block, May 29, 2023). This revelation fueled speculation about the founder’s liquidity and the potential risk of his collateral facing liquidation.

The OTC Trading and Debt Repayment

With the CRV price plunging and liquidity concerns mounting, Egorov found himself facing a critical liquidity crisis. If a liquidation of this size happened, $CRV value could drop as far as $0.

We tracked Egorov’s address and found out that in an attempt to repay the staggering debt, he engaged in over-the-counter (OTC) trading with notable figures such as Justin Sun and Dwf Labs, selling $CRV at a discount ($~0.4) in exchange for USDT/USDC. While this alleviated immediate liquidity pressures, a significant debt of approximately $85 million still looms.

A Prisoner’s Dilemma for Lending Platforms

The founder’s staggering debt has also plunged lending platforms into a precarious situation, leading to a “Prisoner’s Dilemma.” Each platform is vying to recoup their loans from the founder first, adding further complexity to the unfolding crisis. Abracabra finance, for instance, proposed freezing the founder’s collateral and granting the right to liquidate it independently when necessary, showcasing how platforms are determined to shield themselves from potential bad debt.

Only 5 addresses have voted, but MIM went on passing the proposal nonetheless.

Conclusion

The recent exploit and subsequent events surrounding Curve Finance have underscored the vulnerability of even well-established DeFi projects. As one of the foundational protocols in the DeFi world, Curve’s crisis highlights the potential repercussions for the entire DeFi ecosystem if such vulnerabilities remain unchecked. For VCs, traders, and DeFi players, it serves as a stark reminder of the importance of rigorous auditing and risk management practices when navigating the DeFi space.

As the community closely monitors the unfolding situation, all eyes are on the founder’s next steps and the path ahead for the pioneering DeFi platform. At the time of the article’s release, Egorov is still actively selling CRV through OTC trading to acquire stablecoins and bring his debt ratio to a healthy level. We will promptly update his latest progress on Scopescan Twitter.

‍