- A contentious vote to fund Aave Labs passed narrowly, causing major service provider ACI to leave the DAO in protest.
- A lending market on Curve Finance‘s LlamaLend was exploited in a donation attack, which had the unintended upside of repegging the crvUSD stablecoin.
- Two separate zero-knowledge proof projects were exploited for a combined ~$2.27 million due to a common, simpler bug in their setup.
- Lido Finance temporarily closed its wstETH bridge to ZKsync due to a security scare, pending an audit and governance vote.
Last weekend, a pivotal governance vote saw Aave Labs secure funding for its Aave Will Win Framework. However, delegate Marc Zeller of ACI claimed the community actually rejected it before being overridden by whale votes. Consequently, ACI announced its departure from the protocol.
Meanwhile, the sDOLA/crvUSD market on Curve Finance‘s lending platform suffered a donation attack. The incident was initially misunderstood before Curve‘s investigation clarified the mechanics. Interestingly, the resulting buy pressure repegged the crvUSD stablecoin.
Separately, a security review followed exploits on two ZK projects, Veil.Cash and Foom.Cash. The combined losses totaled approximately $2.27 million, though most funds were later returned to the latter project. This highlighted a focus on complex code over simpler setup bugs.
In other security news, Lido Finance closed its wstETH bridge due to a potential vulnerability. The project stated deposits will resume after an audit and a governance vote. Furthermore, OpenZeppelin audited an AI security tool, criticizing its high false-positive rate.
Additionally, Solv Protocol was exploited for $2.7 million via a double-minting flaw. The protocol acknowledged the hack and promised to reimburse the fewer than ten affected users. A researcher later claimed an AI coding assistant spotted the bug in just two minutes.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
