We recently identified a hack executed across a body of smart contracts in the “savings pools” that have been audited twice. We are working with security specialists and on-chain analytics providers and aim to make a more detailed statement shortly.
However, in a follow-up tweet, the DeFi protocol assured users that its staking pools were safe and that the hack affected only the Y and sUSD Curve pools:
Staking pools are safe, the hack only affected Curve Y and Curve sUSD savings pools
The hacker also drained the pool of $2 million in DAI tokens, which was transferred to a different address as seen below:
The stolen funds have not yet been moved at the time of writing. Despite being an audited protocol, by blockchain auditing firm CertiK, the project still came under attack by cybercriminals, which got one Twitter user going by the name CrytoKd to even doubt the audit company’s abilities.
Moreover, several other DeFi projects have been targeted by bad actors. In fact, according to security firm CipherTrace, crime in the DeFi sector had increased this year even though thefts, hacks, and fraud reduced by $1.8 billion overall across cryptocurrency and blockchain projects.