Alchemix, a DeFi lending protocol, has reported an attack on its alETH/ETH Curve Finance liquidity pool resulting in approximately 5,000 ETH losses. The protocol confirmed that its treasury funds remain secure and unaffected by the incident.
Incident Overview
- Cause: A Vyper compiler vulnerability exploited in Curve Finance's pool contracts.
- Response: Alchemix promptly removed AMO-controlled liquidity via its smart contracts.
- Impact: ~5,000 ETH lost from alETH reserves; no Alchemix contract breaches occurred.
Key Actions Taken
- Withdrew LP tokens from Convex (completed)
- Removed 8,000 ETH from Curve pool (partial success)
- Attempted extraction of remaining 5,000 ETH (interrupted by attacker)
๐ Learn how DeFi protocols mitigate risks
User Safety Measures
- Alchemix Treasury: Fully secured
- LP Providers: Advised to withdraw from vulnerable pools immediately
- alETH Holders: Face price uncertainty; avoid depositing in affected pools
Vulnerable Pools
| Pool | Status | Recommendation |
|---|---|---|
| alETH/ETH Curve | Compromised | Withdraw now |
| Saddle Finance alETH | Technically safe | Monitor closely |
FAQs
Q: Is my Alchemix-deposited ETH at risk?
A: No. Only Curve pool LPs were affected. Treasury contracts remain secure.
Q: What should alETH holders do?
A: Avoid trading/supplying liquidity until price stability returns.
Q: Will Alchemix compensate LP losses?
A: No announcements yet. Follow official channels for updates.
Q: How was the attack executed?
A: Via a Vyper language flaw in Curve's pool contracts, unrelated to Alchemix's code.
๐ Understand DeFi security best practices
Recommendations
- Withdraw from alETH/ETH Curve and frxETH pools
- Avoid alETH-ETH trades during volatility
- Monitor Alchemix Twitter for incident updates
This report excludes promotional content and adheres to strict security guidelines.