Alchemix: alETH/ETH Curve pool attacked, resulting in a loss of approximately 5000 ETH. Alchemix treasury funds are secure.
2023-07-31 00:13
Odaily News: DeFi lending protocol Alchemix tweeted that on July 30th, Curve Finance notified Alchemix of a potential attack on its alETH/ETH pool due to a vulnerability in Vyper. Alchemix took immediate action and removed the liquidity controlled by AMO from the Curve pool through the AMO contract.
The vulnerability was in the Curve pool contract itself. Alchemix smart contracts were not attacked, and funds are safe.
Alchemix needs to perform three operations: 1. Unstaking LP tokens from Convex; 2. Withdrawing alETH from the Curve pool; 3. Withdrawing ETH from the Curve pool. The first and second operations have already been executed, unstaking LP tokens from Convex and removing 8000 alETH from the Curve pool. This means that there are still approximately 5000 ETH liquidity controlled by AMO in the Curve pool.
During the process of removing the remaining liquidity, the alETH/ETH Curve pool was attacked by an attacker. Currently, there is a loss of approximately 5000 ETH from the alETH reserves.
For users, funds in the Alchemix treasury are safe, and all Alchemix contracts are unaffected. Providing liquidity in the alETH/ETH Curve pool is unsafe. Providing liquidity for alETH elsewhere is technically safe, but attackers may exploit this liquidity by selling alETH for ETH. The fair price of alETH is currently unknown, and any users holding alETH or providing liquidity for alETH face this uncertainty.
Alchemix recommends that LPs providing liquidity in the alETH pool on decentralized exchange Saddle Finance and the frxETH pool on Curve withdraw their liquidity as soon as possible.
According to previous reports, Curve stablecoin pools alETH/msETH/pETH were attacked due to a recursive lock vulnerability in certain versions (0.2.15, 0.2.16, and 0.3.0) of Vyper.
According to PeckShield monitoring, as of now, DeFi lending protocol Alchemix, DeFi public product JPEG'D, DeFi synthetic asset protocol Metronome, cross-chain bridge deBridge, BNB Chain DEX Ellipsis using Curve mechanism, and Curve CRV/ETH pool have been attacked, resulting in approximately $52 million in losses.
最热快讯
资讯热榜
日榜
周榜
Satoshigallery: Satoshi Nakamoto sculpture found
Trump and Treasury Secretary Benson are actively searching for the next Federal Reserve chairman.
U.S. Trade Representative says tariff policy will remain largely unchanged
Hassett: Not eager to run Bureau of Labor Statistics
The Blue Origin spacecraft that Sun Yuchen took has been launched
Michael Saylor: Winter Won't Come Back