South Korean Exchange Upbit Suspends Curve (CRV) Deposits And Withdrawals Following Exploit

In light of the recent security breach that affected Curve Finance’s CRV token, South Korean-based cryptocurrency exchange Upbit has announced a temporary suspension of deposits and withdrawals for the token.  Upbit Advises Caution Amid Volatility Upbit’s precautionary suspension of all CRV deposits and withdrawals occurred after a reentrancy attack on the Curve Finance platform. The […]
In light of the recent security breach that affected Curve Finance’s CRV token, South Korean-based cryptocurrency exchange Upbit has announced a temporary suspension of deposits and withdrawals for the token.  Upbit Advises Caution Amid Volatility Upbit’s precautionary suspension of all CRV deposits and withdrawals occurred after a reentrancy attack on the Curve Finance platform. The […]

In light of the recent security breach that affected Curve Finance’s CRV token, South Korean-based cryptocurrency exchange Upbit has announced a temporary suspension of deposits and withdrawals for the token. 

Upbit Advises Caution Amid Volatility

Upbit’s precautionary suspension of all CRV deposits and withdrawals occurred after a reentrancy attack on the Curve Finance platform. The vulnerability was discovered during the weekend, leading to a significant loss of funds.

A reentrancy attack is a security breach that causes a potential loss of funds from uninterrupted contract calls. Major outflows were recorded as a result of interactions that manipulated the reentrancy vulnerability in certain  Vyper compiler versions. In a tweet released by Vyper, specific versions of Vyper, such as 0.2.15, 0.2.16, and 0.3.0, were vulnerable to malfunctioning reentrancy locks. 

In response to the attacks, Upbit released a volatility warning advising their customers “…to be mindful of the increased price volatility of CRV.” The platform called for caution, asking users to conduct due diligence while considering any investment connected to the token. To ensure safety, the platform noted that it would temporarily suspend its CRV deposit and withdrawals. 

Following the attack, other cryptocurrency exchanges, like OKX, issued warnings to customers. According to details obtained from its landing page, OKX advised users to be cautious of the risks involved while trading the token, as OKX “will not be held responsible for any trading losses.” 

Users Of Binance Exchange Unaffected

With news of the attack making rounds, the Chief Executive Officer of Binance, Changpeng Zhao, has come out to state that Binance is unaffected. According to details obtained from his X (formerly Twitter) account, he stated that “CEX price feed saves DeFi. Binance users are not affected. Our team checked on the Vyper Reentrant Vulnerability. We only use version 0.3.7 or above.” 

He further noted that his platform’s usage of a centralized price feed for DeFi tokens offers an extra layer of security. The CEO stressed that it was vital for users to always stay up-to-date with code libraries, operating systems, and applications.

As a result of the attack, Curve Finance released a statement noting that the incident affected particular stable pools, such as msETH, pETH, and aIETH via Vyper 0.2.15. However, its USD/CRV stablecoin pools were largely unaffected but the wider implication of the exploit worries users. 

Meanwhile, Curve DAO’s CRV token has experienced a sharp fall. The price has fallen by over 12% on daily charts, with a market cap of $557 million, according to data from CoinGeko.

Curve (CRV) price chart from Tradingview.com