登入
註冊
掃描 QR Code 下載 APP
更多下載方式
平台通知
交易行情
沒有新通知
更多
選擇語言及地區
简体中文
English
Tiếng Việt
繁體中文
Español
Русский
Français (Afrique)
Português (Portugal)
ไทย
Indonesia
日本語
بالعربية
Українська
Português (Brasil)
漲跌顏色
紅漲綠跌
綠漲紅跌
漲跌幅起始時間
24小時制
UTC 00:00
UTC+8 00:00
Gate.io
BLOG
Curve Finance's Road to Recovery: DeFi C...
Curve Finance's Road to Recovery: DeFi Challenges to Guarantee Security
2024-06-26, 06:11
[//]:content-type-MARKDOWN-DONOT-DELETE ![](https://gimg2.gateimg.com/image/article/1719382125sdfx.jpeg) ## [TL; DR] On 10 June UwU Lend was attacked and lost crypto assets valued at around $20 million. The liquidations that followed the UwU lend exploit led Michael Egorov to incur a bad debt which he, however, repaid. DeFi firms should adopt advanced technology and expertise to prevent future flash loan attacks. ## Introduction Crypto crimes seem to continue in 2024 despite some quiet periods along the way. Unfortunately, there is an evolving trend where the attackers capitalize on bugs in platforms that offer flash loans. The attack on UwU Lend, a decentralised finance (DeFi) lending protocol that exists on the <a href="/price/ethereum-eth" target="_blank" class="blog_inner_link">Ethereum</a> blockchain, shows the gravity of the situation. Despite the efforts of several lending protocols to improve their security measures the malicious actors seem to find ways to exploit them. Today, we focus on how the UwU lending protocol’s attack created turmoil for Curve Finance. We will also look at Curve Finance’s road to full recovery. Related news: [Curve Finance crvUSD, expanding its DeFi Stablecoin Platform](https://www.gate.io/blog_detail/2637/curve-finance-crvusd-expanding-its-defi-stablecoin-platform "Curve Finance crvUSD, expanding its DeFi Stablecoin Platform") ## Turmoil in the DeFi sector involving Curve Finance UwU lending protocol had two hacks that occurred within the second week of June which created turmoil [on the Curve Finance platform](https://www.gate.io/blog_detail/648/what-is-curve-war-gain-insight-into-curve-the-stablecoin-exchange-leader "on the Curve Finance platform"). Sadly, the second attack occurred when the crypto firm was in the process of reimbursing victims of the first attack. The attack that occurred on 10 June led to a series of events which resulted in Michael Egorov to lose over $100 million in loans he had on various platforms. When the loans were liquidated the[ CRV tokens price](https://www.gate.io/price/curve-dao-crv " CRV tokens price") plummeted by around 30%. In a related development, UwU lost over $20 million after the flash loan attack. No doubt, the cause of Curve Finance’s multimillion liquidations and bad debts was the flash loan attack. For context, UwU Lend allows its users to lend, borrow and stake various crypto assets. As per CoinDesk publication, [Michael Egorov said](https://www.coindesk.com/tech/2024/06/14/defi-heavyweight-curve-focused-on-becoming-safest-lending-platform-founder-says/ "Michael Egorov said"), “On April 15 they (UwU Lend) deployed vulnerable code for new (sUSDe) markets, and those markets are not isolated, so the whole platform takes the risk.” He continued “UwU was hacked, and the hacker, as a part of cash-out play, deposited CRVs taken from UwU to lend.curve.fi (LlamaLend) and disappeared with the funds, leaving his debt in the system.” In [an X post Egorov](https://x.com/newmichwill/status/1801255607137165390 "an X post Egorov") explained: “Many of you are aware that I had all my loans liquidated. Size of my positions was too large for markets to handle and caused 10M of bad debt. Only the CRV market (where the position was the biggest) was affected.” Egorov gave reasons for the dire situation. In an [interview with Cointelegraph, he said](https://cointelegraph.com/news/curve-ceo-clarifies-uwu-hack-misinformation "interview with Cointelegraph, he said"), "CRVs posted as collateral for loans amounted to probably 30% of the circulating supply; half of that was on Curve, so indeed, it incurred some bad debt. It was already repaid. No one is affected. For non-major crypto (e.g., not BTC or ETH as collateral), one should likely provide borrow caps; data shows that Curve-specific markets can be well-parameterized to withstand even these conditions.” Egorov also emphasized that the [Curve Finance platform](https://www.gate.io/learn/articles/what-is-curve/425 "Curve Finance platform") team was working on solving liquidation issues that arose from the UwU crypto exploit. According to him, although the Curve Finance DeFi market is separate from other lending pools the depositors would not withdraw their CRV as long as Curve Finance’s bad debt existed. Egorov clarified: “**The Curve Finance team and I have been working to solve the liquidation risk issue which happened today**,” Michael added. In spite of the multimillion liquidations and bad debts Egorov assured the Curve Finance users that they will all be able to withdraw their deposits. More significantly he promised to make the crypto protocol the safest lending platform within the DeFi market. The Curve Finance founder believes that the platform’s lending/borrowing products will be the safest in the sector. Also, Egorov talked about the necessary security measures to prevent future crypto exploits. For example, he recommended that UwU Lend should “re-verify all contracts and connect them to good security auditors.” That will ensure that their collective loan mechanisms are sound and safe. Eternal audits will also help to identify any vulnerable code in the system, thereby preventing future crypto exploitations. Egorov also said that the industry should use “open-source liquidation bots” and community education about liquidations.” According to him, if the right technology and expertise had been used in the case of UwU exploit the subsequent liquidations and bad debt would have been avoided. To this effect, Egorov explained: It appears industry heavyweights did not fully know how to deal with liquidations; they did not attempt to do partial hard liquidations for my position on Curve. Eventually, I had to do it myself.” As per Egorov’s most recent update, Curve Finance has already repaid the $10 million in bad debt that arose from the soft liquidations which the UwU exploit triggered. Read also: [Curve DAO Price Prediction & Forecast for 2024, 2025, 2030](https://www.gate.io/price-prediction/curve-dao-crv "Curve DAO Price Prediction & Forecast for 2024, 2025, 2030") ## Hacker's strategy involving CRV tokens To fully understand what we discussed above, let’s explain how the UwU crypto exploit occurred and its effect on the CRV token. First, the crypto exploiter capitalized on a vulnerable code within the protocol’s price oracles, a component which determines the prices of the assets. After the hacker drained various crypto assets he/she deposited CRV into LlamaLend which enabled him/her to borrow over 8 million crvUSD. As a result, the exploiter was able to swap the CRV tokens at a better rate. However, the UwU team paused transactions when they discovered the exploit. In an effort to mitigate the impact of the exploit on the users the platforms set the borrowing and depositing rates at 0. Also, in an attempt to lure the hacker to return the crypto loot UwU offered a 20% white-hat bounty reward. Basically, that bounty was higher than the industry benchmark of 10%. The team promised to pay the $5 million bounty reward in ETH. Anyone who helps to catch the attacker can get the promised $5 million. Some of the crypto assets the hackers stole were uLUSD, uFRAX, UwU’s uDAI, uCRVUSD, uWETH and uUSDT. ## Conclusion Curve Finance lost $100 million due to multimillion liquidations following the UwU Lend crypto exploit. Through the same hack UwU Lend lost assets worth $20 million. In the meantime, UwU has announced a $5 million bounty reward to anyone who helps to find the attacker. Egorov urged crypto firms in the sector to improve their security measures and have constant audits to prevent future hacks. <div class="blog-details-info"> <div>Author:** Mashell C.**, Gate.io Researcher <div class="info-tips">\*This article represents only the views of the researcher and does not constitute any investment suggestions. <div>\*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement. </div>
分享一下
目錄
[TL_ DR]
Introduction
Turmoil in the DeFi sector involving Curve Finance
Hacker_s strategy involving CRV tokens
Conclusion
Credit Ranking
Complete Gate Post tasks to upgrade your rank
Join Now
相關文章
Market News
From Bitcoin to Ethereum: Why Ethereum is Blockchain 2.0
2021-06-20, 09:30
Market News
The Biggest Airdrop in History May Come: Metamask Will Launch A Token Soon
2022-03-18, 04:53
Market News
Science: From Market Maker to Liquidity Mining, How Important is Liquidity?
2021-07-19, 07:36