Curve Finance Resurgence: 70% Of Stolen Funds Recovered, Redemption On The Horizon

Curve Finance (CRV), a leading decentralized finance (DeFi) protocol, announced significant progress in its recovery efforts following a recent hack that resulted in losing $73.5 million across several projects within its factory pools. 

The attack on July 30 exploited a critical security flaw known as a “reentrancy vulnerability,” allowing malicious actors to drain funds from Curve’s smart contracts.

Curve Finance Commits To Restitution Process For Hacked Funds

In a significant effort, Curve Finance has successfully retrieved 70% of the funds affected by the hack. While this achievement marks an important milestone, an active investigation is underway to recover the remaining balance and hold the perpetrators accountable.

Understanding the gravity of the situation, Curve Finance has also taken proactive measures to ensure a fair and transparent distribution of the recovered funds to affected users.

The protocol is diligently working to measure the respective shares of each impacted account, aiming to facilitate an equitable restitution process that prioritizes user protection and trust restoration.

Curve Finance’s recovery efforts are further bolstered by their recent announcement of a $1.85 million bounty. This generous reward will be granted to anyone who can provide accurate information leading to the identification and apprehension of the attackers holding the remaining funds. 

By offering this substantial bounty, Curve Finance actively encourages community participation and collaboration to expedite the investigation and bring the perpetrators to justice.

Curve’s Post-Hack Safety Report

Following a thorough investigation, Curve Finance discovered that the exploit primarily targeted the aleth, peth, mseth, and crveth pools. 

The vulnerability stemmed from a bug within the vyper 0.2.15-0.3.0 version, which the protocol promptly identified as the root cause of the breach. By swiftly pinpointing the issue, Curve Finance was able to take immediate action to mitigate any further risk to its users.

It is important to note that all other pools on Curve Finance have been confirmed as safe and unaffected by the exploit, according to Curve’s update. This assurance gives users the confidence to continue utilizing the platform, knowing that their funds remain secure within these pools.

Alongside the technical remediation, Curve Finance collaborates with security experts, auditors, and the broader DeFi community to conduct thorough audits and implement additional security measures. 

This collaborative approach aims to reinforce the protocol’s resilience and prevent similar incidents in the future. Overall, Curve Finance’s recovery of 70% of the hacked funds, coupled with its ongoing investigation and bounty initiative, underlines the protocol’s commitment to user protection and the broader DeFi community. 


According to Token Terminal data, Curve Finance’s circulating market cap currently stands at $518.76 million, reflecting a decrease of 22.29% over the analyzed period. 

The fully diluted market cap, which represents the potential future market value of the project, is estimated at $1.97 billion.

Curve Finance’s total value locked (TVL), a crucial indicator of the protocol’s popularity and user engagement, currently amounts to $2.44 billion. Despite a decline of 35.19% over the analyzed period, Curve Finance maintains a substantial TVL, highlighting its significance within the DeFi landscape.

Featured image from iStock, chart from