Author: Minako Kojima.

I was still at the IOSG Friends Club in the cloud this morning, and suddenly found that both curve and farm began to plummet, and Farm fell by nearly 67%.

Afterwards, news of the tractor being attacked came from various groups one after another, and many fUSDT users reported that they lost 10% of their principal. Immediately afterwards, the Tractor 🚜 official also issued an announcement.

attack contract

• attack contract

• loss data

The difference is that this time the hacker was obviously planning for a long time, not only using renBTC for money laundering, but also using Tornado to anonymize his attack address. It can't be said that it is a top-level technique. A dozen or so 20eth gas attack commands were completed in one go.

Specifically, although the slippage of Curve's curve is usually very low, it will change suddenly in extreme situations. Arbitrageurs manipulate the price of Curve's yPool, turn against Harvest, recharge unilaterally, and then use Curve to get the money back, and use flash loans⚡️ Exchange rate manipulation, creating extreme prices, and then using poor liquidity to earn money back is similar to the bZx attack. .

Although the project party dumped Curve for the first time. However, judging from the current data, Curve's LP should have only charged a lot of handling fees in this series of attacks. The short-term transaction volume reached 2.7 billion dollars, the capital utilization rate was 2400%, and the LP handling fee was charged 1 million+ dollars. The direct front end is overflowing. . Although there will be impermanence loss in the short term, it must recover soon. Users who hold Curve LP need not worry.

Looking at the three major aggregators YFI, YFII, and Harvest, only YFII has never had any problems. It is suggested that the farmer uncle can transfer to YFII for financial management.