Odaily News According to Pudao monitoring, as of now, DeFi lending protocol Alchemix, DeFi public product JPEG'd, DeFi synthetic asset protocol Metronome, cross-chain bridge deBridge, BNB Chain DEX Ellipsis using the Curve mechanism, and Curve CRV/ETH pool have been attacked, resulting in a loss of approximately $52 million.



According to previous reports, Vyper, the Ethereum programming language, issued a statement stating that versions 0.2.15, 0.2.16, and 0.3.0 have a recursive lock vulnerability. An investigation is currently underway, but any project using these versions should contact us immediately.



Curve's official response stated that due to the vulnerability in Vyper 0.2.15, some stablecoin pools (alETH/msETH/pETH) have been attacked. We are assessing the situation and will provide updates to the community as the situation develops. Other pools are secure.



Curve contributor Banteg stated that the CRV/ETH pool was emptied minutes before the white hat hackers began rescuing it. This is part of a series of attacks that have occurred, and it is currently estimated that 7 million CRV tokens and $14 million worth of WETH have been stolen from the CRV/ETH pool on Curve.