Curve Hack Caused by Ethereum Programming Language Vyper Vulnerability

The reason for the Curve attack is determined to be a vulnerability in the Ethereum programming language Vyper.

At 12:44 AM, the Ethereum programming language Vyper tweeted that the reentrancy locks in versions 0.2.15, 0.2.16, and 0.3.0 had failed. At 12:45 AM, Curve's official Twitter stated that many stablecoin pools (alETH/msETH/pETH) that use Vyper 0.2.15 were targeted in the attack due to a failure in reentrancy locks.

Some community members pointed out that the version recommended in the Vyper official documentation was actually flawed. Vyper is a contract programming language designed specifically for the Ethereum Virtual Machine (EVM). It is considered one of the most widely used Web3 programming languages.

An error in the smart contract language layer means that almost all protocols using Vyper will be affected.