Curve Finance Rewards Security Researcher $250,000 for Uncovering Critical Vulnerability

Popular decentralized finance (DeFi) protocol Curve Finance has awarded a security researcher $250,000 for discovering a critical vulnerability that has historically enabled hackers to siphon off millions of dollars from cryptocurrency protocols.

The researcher, known as Marco Croc from Kupia Security, identified a reentrancy vulnerability in Curve Finance and elaborated on the bug’s potential for manipulating balances and withdrawing funds from liquidity pools.

Acknowledging the severity of the vulnerability, Curve Finance conducted a thorough investigation and subsequently granted Marco Croc the maximum bug bounty award.


Even though the threat was categorized as “not as dangerous,” the protocol said it recognized the potential panic that could have ensued had a security incident occurred. With this reward, Curve Finance aims to incentivize responsible security research and strengthen its defenses against potential exploits.

This development comes in the wake of Curve Finance’s recovery from a $62 million hack in July. As part of the protocol’s restoration efforts, it recently voted to reimburse $49.2 million worth of assets to liquidity providers (LPs). The disbursement was approved by 94% of tokenholders, covering losses incurred in the Curve, JPEG’d (JPEG), Alchemix (ALCX), and Metronome (MET) pools.

The reimbursement plan involves the use of Curve DAO (CRV) tokens from the community fund. It also accounts for tokens recovered since the incident, resulting in a final distribution of 55,544,782.73 CRV. The Ethereum (ETH) and CRV amounts to be recovered were calculated as 5,919.2226 ETH and 34,733,171.51 CRV, respectively.

The vulnerability exploited by the attacker targeted stable pools and affected specific versions of the Vyper programming language. Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper were found to be susceptible to reentrancy attacks, which the attacker leveraged to carry out unauthorized fund withdrawals.


The cryptocurrency industry experienced a major downturn in combined losses from hacks and scams in April.

The month saw the lowest combined losses from crypto-related hacks and scams since 2021, with approximately $25.7 million lost to exploits, hacks, and scams. More specifically, only $25.7 million was lost in attacks throughout the month, marking the lowest amount since CertiK began tracking such data in 2021.

Flash loan attacks accounted for $129,000 in losses, with the largest incident causing $55,000 in damages. This marked the lowest incidence of flash loan attacks since February 2022, and $4.3 million was lost to exit scams.

As reported, the first quarter of this year has seen $336 million lost to Web3 hackers and fraud, with nearly half of the capital stolen in January alone. Nonetheless, the number represents a 23% decrease compared to the first quarter of 2023.

It is also worth noting that $73,885,000 has been recovered from stolen Web3 capital in 7 specific situations.

Curve Finance Incentivizes White Hat Hacking
