Curve Finance has ended governance token rewards for several liquidity pools following a series of exploits. According to the announcement, the pools include the ones that were affected in the July 30 Curve exploit and the July 6 Multichain exploit. Curve E-DAO carried out the process of ending the rewards, and it is a community made up of selective members of the Curve DAO governing body. The decision affected the pools of alETH+ETH, msETH-ETH, pETH-ETH, crvCRVETH, Arbitrum Tricrypto, and multibtc3CRV.
ATTENTION, FROM A CURVE E-DAO SIGNER:
The @CurveFinance emergency multisig has terminated CRV rewards (gauges) to the liquidity pools affected by recent exploits, including pools affected by the recent Vyper compiler exploit and the multiBTC pool affected by the recent…
— _gabrielShapir0 (@lex_node) August 2, 2023
However, there is a possibility of the decision being overridden in the future, but that would purely depend on a full vote of the Curve DAO. On July 6 this year, cryptocurrencies worth more than $100 million were withdrawn from several bridges that were a part of Multichain. At the time, the Multichain team highlighted that the withdrawals were abnormal and urged users not to use any of its services. Similarly, the Curve team also urged its users to exit Multichain assets such as multiBTC, and this implied that its own multibtc3CRV liquidity pool was at risk from the exploit.
Curve Continued to Generate Rewards Following the Attacks
On July 30, Curve Finance fell victim to a reentrancy attack in which crypto worth over $47 million was lost. The attack greatly affected the alETH, msETH, and pETH liquidity pools as these used the Vyper protocol that contained the vulnerability. With the news of the termination of rewards floating around, CURVE DAO has dipped by 2.40% in the previous 24 hours and the decline has pushed the trading price down to $0.5816.
Despite the attacks, the affected liquidity pools continued to generate governance token rewards, and this suggested that users had the possibility of depositing their tokens into the pools to earn rewards. In the recent announcement, it was stated that the emergency DAO has now entirely removed these rewards to avoid incentivizing further participation in the compromised pools.
It is a fact that investors had to suffer continuous attacks throughout July. The payment provider Alphapo lost more than $60 million on July 23 as a result of an attacker gaining access to the platform’s hot wallet keys. On July 25, zkSync also became a target of an exploit as $3.4 million were lost as a result of a read-only reentrancy bug.