Alchemix has provided an official update on the Curve Finance situation. The platform recently witnessed a 47 million-dollar exploit.
According to reports, the exploit emerged because of a reentrancy vulnerability. It is believed that Vyper 0.2.15, 0.2.16, and 0.3.0 versions are prone to malfunctioning reentrancy locks.
The official tweets by Alchemix also read how Curve informed the platform about the exploit on 30th July. The exploit took place on Curve’s alETH/ETH pool because of a Vyper bug. Alchemix was quick to remove its AMO-controlled liquidity from Curve using the AMO contract.
The string of tweets continued to share valuable information with users. It stated that the exploit took place on Curve’s pool contracts. However, the attack did not compromise Alcemix smart contracts in any way. Thus, all the user funds on the contracts were secure.
Alchemix talked about three key transactions:
- Unstaking LP tokens from Convex
- Withdrawing alETH from Curve
- Withdrawing ETH from Curve
Soon after sharing this update, Alchemix kept users in the loop regarding the execution of every transaction. The platform shared that the attacker removed 8,000 alETH from Curve.
It left around 5,000 ETH of liquidity in the pool that was owned by the AMO. The exploiter drained the alETH/ETH pool, resulting in a partial loss of approximately 5,000 ETH. Alchemix has assured users that it is helping Curve Finance investigate the attack.
Meanwhile, users do not have to worry about the funds in the Alchemix vaults. Similarly, offering any liquidity in the alETH/ETH pool is still unsafe. Users are also suggested to be cautious while offering liquidity for alETH on other platforms.
There is no assessment of alETH’s fair price currently. Thus, every alETH holder and liquidity provider is exposed to this uncertainty. Alchemix has promised to inform users about every update on its social media platforms.