Prior exploit count
Curve Finance's assessment for RD-F-077 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Two documented incidents: (1) 2022-08-09 DNS hijack ($575K, off-chain frontend); (2) 2023-07-30 Vyper compiler reentrancy exploit (~$73.5M gross, ~$52M net after recovery). Two incidents over 6+ years at >$1B TVL is a below-average incident rate but non-zero. Yellow (not green for 0 incidents; not red for <3 incidents).
Sources #
- GitHubCurve Finance DNS Hijack — hacksdatabasehacksdatabase/hacks/curve-finance-rekt.md — DNS hijack 2022-08-09, $575Kretrieved 2026-04-28
- Curve Pool Reentrancy Exploit Postmortem July 30th, 2023LlamaRisk post-mortem July 2023retrieved 2026-04-28
- Curve Finance Vyper Exploit — hacksdatabasehacksdatabase/hacks/curve-vyper.md — Vyper exploit 2023-07-30, ~$73.5M grossretrieved 2026-04-28
Methodology #
Count the number of distinct incidents in the hack database affecting this protocol.
See the full factor methodology and distribution across all protocols →
rubric_version v1.7.0 protocol curve-v2 factor RD-F-077 score yellow collected_at 2026-04-28 19:48:40