Curve emergency DAO revoked CRV rewards for alETH, msETH, pETH, crvCRVETH, Arbitrum Tricrypto, and multiBTC pools.
An Aug. 2 social media statement from a member of Curve Finance’s governing board stated that governance token incentives for certain liquidity pools affected by the July 30 Curve vulnerability and July 6 Multichain exploit had been terminated.
Curve E-DAO, a committee of Curve DAO governing body members, ended rewards. The notice said it affected alETH+ETH, msETH-ETH, pETH-ETH, crvCRVETH, Arbitrum Tricrypto, and multibtc3CRV pools. A Curve DAO full vote can overturn the decision.
Gabriel Shapiro of Curve E-DAO announced the modification.
On July 6, Multichain protocol bridges withdrew about $100 million in cryptocurrencies. The Multichain staff called withdrawals “abnormal” and advised consumers to avoid using Multichain. The Curve team advised users to “Exit multichain assets such as multiBTC (including the pool),” meaning that its multibtc3CRV liquidity pool was at risk from the Multichain event.
On July 14, the Multichain team said that an unknown person had hacked its CEO’s cloud computing account and withdrawn cash, meaning that the monies may never be recovered.
Reentrancy attacks hit Curve Finance on July 30. The hack lost $47 million in crypto. The Vyper protocol that formed the alETH, msETH, and pETH pools was vulnerable to the assault. Non-Vyper Curve pools were unaffected.
The exploited pools still awarded Curve DAO (CRV) governance tokens. Users could still deposit tokens into pools for CRV. Shapiro announced on Aug. 8 that the emergency DAO withdrew these payouts to “avoid incentivizing further participation in these compromised pools.”
July and August saw more investor hacks and scams. Alphapo lost $60 million on July 23 after an intruder stole its hot wallet private keys. The company has not verified the incident, but on-chain sleuths say the transfers are irregular and likely hacked. Read-only reentrancy issue exploited zkSync for $3.4 million on July 25.