A tumble in the native token of key decentralized cryptocurrency exchange Curve Finance sapped sentiment toward digital assets on concern that the episode could lead to wider turbulence.
Curve’s CRV coin has shed about 25% over three days after a hack on the platform. Its founder Michael Egorov has borrowed over $100 million across various crypto lending projects, backed by CRV. The worry is more CRV declines could foment losses by sparking forced liquidations of the loan positions.
“If we move lower still and these liquidation levels are hit, we could see a domino effect” across the decentralized finance sector, said Stefan von Haenisch, head of sales trading at OSL SG Pte in Singapore.
The amount of crypto using the Curve Finance service, the second-largest decentralized — or DeFi — digital-asset exchange, is down to $1.9 billion from $3.6 billion since the hack was revealed on Sunday, DefiLlama data shows.
Egorov earlier said the DeFi industry will survive the security incident. “We, and I personally, work on minimizing or eliminating the impact,” he wrote in an email, adding that he is also planning to reduce his loans.
CRV fell almost 14% on Tuesday before paring the retreat to trade at about 56 US cents as of 2:15 p.m. on Tuesday in Singapore. Wider crypto markets also struggled, including drops of about 1% in Bitcoin and Ether.
Figures from DeFi portfolio tracker DeBank indicate Egorov took a $63 million loan in the Tether stablecoin via a DeFi platform known as Aave, and that over 300 million CRV tokens worth some $168 million back the borrowing.
Aave’s Slide
A significant chunk of the collateral is at risk of being liquidated if the CRV token drops to 37.5 US cents, according to DefiLlama. Aave’s eponymously named native token has dropped 14% in the past three days.
An Aave spokesperson didn’t immediately respond to a request for comment.
Curve Finance is viewed as one of the most important liquidity providers in DeFi, especially for stablecoins. Digital-asset security firm BlockSec estimated that hackers took $47 million in the attack on the protocol.
People who exploit vulnerabilities in networks and alert organizations to fix them — so-called white-hat hackers — may have been involved in the incident, according to Will Sheehan, founder of crypto data provider Parsec Finance.
Curve identified four main liquidity pools that had been hacked, the result of a vulnerability in Vyper, a programming language used in DeFi applications.
DeFi relies on blockchain-based software known as smart contracts, rather than Wall Street-style middlemen, to facilitate activities like trading or lending. The risk of security breaches remains a major challenge for such services.
--With assistance from Muyao Shen.