Reentrancy · $41M loss

Curve Hack: How $41M Was Lost in a Reentrancy Attack (2023)

In July 2023, Curve was exploited in a reentrancy attack, resulting in approximately $41M in losses. That makes the Curve exploit the 15th largest DeFi incident out of 690 documented in our archive.

Attack Mechanics: How the Curve Reentrancy Played Out

Exploit Class Applied to Curve

The Curve incident on July 30, 2023 is classified as a reentrancy attack. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times. In the full archive, Curve is 1 of 51 documented reentrancy incidents.

Curve in Context

The $41M loss at Curve is the largest reentrancy incident in our archive, ahead of LendfMe (2020, $25M).

Prior Reentrancy Before Curve

The nearest reentrancy incident before Curve was Conic Finance, 9 days earlier on July 21, 2023 ($3.25M lost). The same exploit class then resurfaced at Curve.

Curve Vulnerability Signature

The primary source categorises the Curve exploit specifically as “Vyper Compiler Bug && Reentrancy”. This narrower label is entity-specific: it reflects how the Curve contract failed, rather than the broad reentrancy pattern alone.

Impact & Recovery for Curve

Curve Loss Figure

The Curve exploit caused $41,000,000 in losses — a major ($10M–$100M) incident and the 5th largest of 214 documented in 2023. This single incident represents 6.4% of all tracked losses that year.

Where Curve Sits Among Reentrancy Attacks

Ranked by loss size, Curve is the largest of 51 documented reentrancy incidents. That puts the Curve loss above the class average of $2.87M.

Timeline Since the Curve Incident

The Curve exploit occurred 2.7 years ago (989 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for Curve

Public post-mortem / on-chain analysis for the Curve incident: view source.

FAQ

How much did Curve lose?

The Curve exploit in July 2023 resulted in $41,000,000 in losses — the 5th largest of 214 DeFi incidents that year.

When did the Curve hack happen?

The Curve exploit was recorded on July 30, 2023 — 989 days ago.

What type of exploit hit Curve?

The Curve incident is classified as a reentrancy attack. A malicious contract re-enters a vulnerable function before state is updated, letting it drain funds multiple times.

How common is the Reentrancy pattern seen at Curve?

Our archive contains 51 documented reentrancy incidents. The Curve incident is one of them.

How does Curve compare to the largest Reentrancy attack?

Curve, at $41M, is the largest reentrancy incident in our archive, ahead of LendfMe (2020) at $25M.
