Aave’s exposure to Curve hack, explained

If CRV dips below 65%, it will be at risk of liquidation

article-image

Akif CUBUK/Shutterstock modified by Blockworks

share

Decentralized exchange Curve Finance saw exploits of over $70 million on Sunday, caused by a Vyper reentrancy lock malfunction. 

There had been a bug in versions 2.15 to 3.0 of the Vyper coding language, curvecap.lens explained in an X space. 

Vyper code incorporates built-in reentrancy protection, which prevented developers and auditors from noticing potential issues during external inspections.

Following the exploit, the price of CRV, Curve’s native token, dipped drastically, from roughly $0.73 to $0.62 in just a few hours. 

So what has Aave got to do with all of this?

Founder of Curve, Michael Egorov, has a loan of roughly $63 million in USDT using CRV as collateral on Aave v2. 

If the price of CRV dips below 65% based on risk parameters set by Aave (to roughly $0.32), it will be at risk of liquidation. At the time of writing, CRV price is currently situated at $0.55.

When liquidations do occur, collateral deposited by the borrower will be sold for the borrowed asset. In this case, this means that CRV will be sold for USDT, cascading into bad debt.

This concern has previously been flagged by Gauntlet, who had suggested freezing CRV and setting CRV’s loan to value (LTV) to zero on Aave v2.

“The amount of CRV concentrated on Aave, relative to the circulating supply of CRV, is already high. Given the limitations of V2 mechanisms, including the possibility of circumventing an LTV of 0, the only way to truly prevent more risk of this position is to prevent borrowing of all assets on V2,” Gauntlet wrote

This proposal ultimately did not pass

In light of the current situation, Marc Zeller, the founder of Aave-Chan Initiative, a delegate platform that contributes to AAVE governance, told Blockworks that Aave governance is aware of the CRV situation.

“The risks associated with it are gradually reduced in a stream of AIPs for the past months,” Zeller said. “Governance [is managing] this and [the] situation gradually is getting better.”

To prevent risks like this from occurring Zeller notes that users should migrate to Aave v3. 

“The old Aave [v2] doesn’t have caps and that is how this situation exists. V3 does and makes this kind of scenario impossible there,” he said.

Correction Aug. 15 2023 at 3:53 am ET: Egorov’s Aave loan at time of publication was $63 million not $70 million.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template.png

Research

The march toward an interoperable and onchain-by-default internet depends on reliable messaging and value transfer across heterogeneous domains. Crosschain protocols now process >$1.3T in combined annual transfer volume and secure tens of millions of user interactions, yet no single design dominates.

article-image

The goal, per Santiago Santos, is to make crypto a relatable piece of tech for people who may not even understand it

article-image

Stripe stablecoin unit aims to operate under a federal charter enabling regulated stablecoin issuance and custody services

by Blockworks /
article-image

Will TradFi make crypto better or create more problems than it solves?

article-image

Subtle decisions by risk curators saved Aave from significant turmoil

article-image

The new Rootstock Institutional unit aims to connect professional investors to Bitcoin-native yield and liquidity strategies anchored in BTC’s security layer

by Blockworks /
article-image

DOJ files record civil forfeiture against more than 127,000 BTC linked to scam activity

by Blockworks /