DeFi Dead? Chainlink Saves Curve Founder's Australian Mansion?
TechFlow Selected TechFlow Selected
DeFi Dead? Chainlink Saves Curve Founder's Australian Mansion?
You say DeFi is gone, which isn't sad enough; what's sadder is if blockchain itself no longer exists.
Navigating Web3 tides with focused insightsBy: TechFlow Cleaners
July 30—a night of DeFi terror once again.
21:10, pETH-ETH attacked
22:50, msETH-ETH attacked
23:34, alETH-ETH attacked
03:08, CRV-ETH attacked
……
According to monitoring by security firm PeckShield, as of 7:26 AM Beijing time on July 31, the Curve Finance stablecoin pool hack had caused cumulative losses of $52 million across Alchemix, JPEG'd, MetronomeDAO, deBridge, Ellipsis, and the CRV/ETH pool.
As a cornerstone of the DeFi ecosystem, this incident at Curve Finance led many to exclaim “DeFi is dead,” with Shen Yu tweeting that winter is coming.
Where did the security breach originate?
According to the Curve Finance team, it was due to a reentrancy lock failure in certain versions of Vyper, Ethereum’s programming language. Many stablecoin pools using Vyper 0.2.15 (alETH/msETH/pETH) were compromised, while the crvUSD contract and other pools remained unaffected.
Vyper is a relatively new Ethereum development language created in 2017. Before Vyper, Solidity was the most widely used language for writing smart contracts. Compared to Solidity, Vyper is theoretically simpler and more secure. Projects built with Vyper include Uniswap v1, the first ETH 2.0 deposit contract, and Curve Finance.
Currently, the newer version of Vyper has patched the vulnerability. However, the compromised Curve pools’ contracts are not upgradeable.
Thus, the root culprit is actually the underlying programming language—Vyper—not Curve itself. Many breathed a sigh of relief, thinking claims of “DeFi is dead” may be overblown. But upon second thought, they shivered again: “Compared to application-level flaws, vulnerabilities in foundational languages are far more terrifying!”
Crypto KOL CM tweeted: “Curve got hacked due to a technical issue with Vyper—an existential blow. This isn't about protocol design or smart contract flaws anymore. If Solidity could suffer similar issues, then no on-chain applications would be safe. So when you say DeFi is gone, that's not sad enough—the real tragedy would be if blockchain itself ceased to exist.”
In today’s world dominated by Ethereum’s EVM, security remains a Damocles sword hanging over every project. Since its inception, Solidity has seen numerous security incidents—reentrancy attacks even led to Ethereum forking into ETH and ETC (Classic). Yet Solidity has built strong ecosystem moats, both in developer tools and community.
Much like how MetaMask is criticized for poor user experience but still can’t be displaced by alternatives offering better UX, newer blockchains touting faster speeds and higher security have failed to dethrone Ethereum’s EVM dominance.
Still, we continue to hope for challengers to emerge—otherwise, a world where everyone just follows Vitalik blindly would be too boring.
Amidst CRV plunging 15%, another major concern emerged: the debt positions of CRV founder Michael Egorov across various lending protocols.
Following the hack, Egorov quickly repaid part of his loans across platforms and increased his CRV collateral.
According to crypto researcher 0xLoki, Egorov has currently pledged over 292 million CRV tokens (worth $181 million), borrowing $110 million in total:
1. Pledged 190 million CRV on Aave, borrowed $65 million, liquidation price at $0.37;
2. Pledged 46 million CRV on Fraxlend, borrowed 21 million FRAX, liquidation price at $0.40;
3. Deposited 40 million CRV on Abracadabra, borrowed $18 million, liquidation price at $0.39;
4. Deposited 16 million CRV on Inverse, borrowed $7 million, liquidation price at $0.40.
From on-chain data, CRV briefly dropped to $0.08 but triggered no liquidations because Aave uses Chainlink oracles for price feeds.
Specifically, Chainlink does not rely solely on on-chain data but uses volume-weighted average price (VWAP), aggregating data from each exchange (CEX/DEX) and weighting them proportionally by trading volume. Data aggregators also account for differences between exchanges—such as market depth, latency, and spreads—and filter out anomalies like flash crashes, wash trades, and outliers so they don’t distort final aggregated values. Thus, short-term on-chain price anomalies did not trigger liquidations of CRV collateral.
Additionally, according to Aave V2’s official technical documentation, they first call Chainlink’s price feed; if the price is below or equal to zero, they fall back to their own backup oracle—though it’s unclear whether $0.08 qualifies under this threshold.
Either way, Chainlink arguably saved Curve—and perhaps even Michael’s mansion in Australia.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
深潮TechFlow
