Several Curve Finance’s Ethereum Pools Are Targeted by Hackers

Curve Finance, a popular decentralized exchange, confirmed today that $52 million was stolen over the weekend due to an exploitable bug in the Vyper language, which is used to write smart contracts on the Ethereum blockchain.

Three of its liquidity pools for tokens paired with Ethereum and Curve governance token CRV, as well as several ERC-20 tokens issued on Alchemix (alETH), Metronome Synth (smETH), and JPEG’d (pETH), were hacked.

Further, the platform also said that its Arbitrum-based liquidity pool for Tricrypto (USDC, wBTC, and ETH) may have also been potentially affected.

A lead contributor to Vyper suggested that the hackers likely took weeks to months to find the vulnerability.