Moonrock Capital
6 min readAug 1, 2023


The DeFi space encountered a major crisis on the recent Sunday when Vyper, a renowned “pythonic smart contract language,” disclosed a critical vulnerability in its compiler for EVM applications. The fallout resulted in a series of compromises on multiple protocols, leaving the beloved DeFi project, Curve, among the unfortunate victims. An estimated $70 million was displaced during the exploit, with whitehat hackers and altruistic MEV bots recovering a portion, but the majority falling into the hands of the exploiters.


The Crisis Deepens

Despite the closing of the initial chapter of this exploit, the DeFi sector faces the possibility of a significant contagion event. The situation revolves around Egorov, who borrowed $110 million in stablecoin loans against 460 million Curve Finance governance tokens (CRV) across various protocols.


With nearly $70 million of the outstanding loan collateralized by a massive 34% of the circulating CRV supply, the potential for liquidation poses a serious threat. This scenario has led to lenders fearing protocol insolvency, causing them to withdraw deposits and trigger higher interest rates. The looming liquidation time bomb is a ticking clock, leaving protocols in jeopardy with limited time to find a solution.

$CRV Liquidity Crisis

The attack on the CRV/ETH pool resulted in a draining of liquidity, making bad debt almost inevitable in the event of liquidation. With liquidity thinner than ever, the implications extend beyond the on-chain impacts, potentially affecting multiple governance tokens of lending platforms and stablecoin issuers that accept CRV as collateral. The risk of price depreciation and sell pressure looms over these tokens, putting them in a precarious position.

The CRVball Trading Idea

The exploit caused the CRV token’s on-chain value to plummet, creating an opportunity for traders looking to capitalize on the oversold and emotionally skewed market sentiment.

While the risk of liquidation remains concerning, the short-selling activity appears bullish, with increasing open interest and resistance to downward price movement. Korean exchanges temporarily suspended CRV withdrawals and deposits, causing price fluctuations and possible arbitrage opportunities.

The Crucial Long $CRV Strategy

The CRV token previously experienced a short squeeze when founder Michael Egorov borrowed $63 million in USDT against CRV collateral. Risk analytics companies proposed freezing CRV collateral to avoid liquidation, but previous events showed the challenges in executing such actions effectively.

Justin Sun For The Rescue?

Today Egorov has reportedly engaged in over-the-counter transactions with multiple crypto entities, leading to the sale of significant amounts of Curve tokens. This information is based on blockchain data and a source familiar with the matter.

According to the blockchain data, Egorov sold 5 million CRV tokens to Justin Sun, the founder of Tron. Additionally, 4.25 million CRV tokens were sold to a crypto trader identified as DCFGod, as noted by DeFi analysts at Lookonchain. Furthermore, Egorov reportedly sold 3.75 million CRV tokens to NFT owner Jeffrey Huang, known as Machi Big Brother, 2.5 million CRV tokens to crypto investors DWF Labs, and another 2.5 million CRV tokens to the DeFi project Cream Finance.

Further insights suggest that Mechanism Capital co-founder Andrew Kang and Sifu, previously associated with the Quadriga saga, may also be participating in subsequent OTC sales. Andrew Kang stated that the situation is still under discussion and could not be confirmed at the moment. On Twitter, Sifu mentioned a six-month lock-up period for the tokens but did not address his potential involvement in the transactions.

Additional blockchain data indicates other transactions, including a significant transfer of 17.5 million CRV tokens to a particular wallet, some of which were subsequently sent to the exchange Binance. Moreover, a transfer of 2.5 million CRV tokens to another wallet appears to have been funded by Wintermute, a potential customer of theirs.

Based on the information available, it is estimated that Egorov has sold a total of 39.25 million CRV tokens, and in return, has received 15.8 million USDT.

The transaction price of the tokens is reported to be $0.40, reflecting the monetary value exchanged during the transactions. The source indicates that there is an agreement involving a three to six-month lockup period for the tokens, during which they cannot be freely traded. Alternatively, should the price of CRV tokens rise to $0.80 on the open market, they may be released from the lockup and traded at that higher value.


The DeFi ecosystem faces a perilous situation as vulnerabilities in CRV and its collateralization risk threaten the entire space. While the exploit presents opportunities for risk-tolerant investors, caution remains essential in navigating this uncertain landscape. The risk of contagion and potential for further cascading effects warrant a careful reassessment of asset allocations, while traders should be prepared for further developments in this evolving crisis.

In the face of mounting uncertainty, the DeFi community must come together to address the fundamental issues that allowed the exploit to occur in the first place. It is essential to collaborate on finding a robust solution to prevent future attacks and strengthen the security of DeFi protocols. The incident with CRV highlights the need for constant vigilance and proactive risk management in the ever-changing DeFi landscape.

Furthermore, the vulnerability in Vyper’s compiler raises concerns about the overall security of smart contract languages used in DeFi. This incident serves as a wake-up call for the DeFi community to invest more resources in auditing and testing smart contracts before they go live on mainnet. Ensuring the reliability and security of smart contract languages will significantly reduce the risk of future exploits.

As the fallout from the CRV exploit continues to unfold, market participants should exercise caution when dealing with collateral assets and carefully assess the risks involved. It is crucial to conduct thorough due diligence on the protocols and assets you interact with in the DeFi space. Relying on trusted and reputable projects with a strong track record of security can significantly mitigate the risk of falling victim to vulnerabilities.

Moreover, this crisis underscores the need for robust insurance mechanisms and risk management strategies within DeFi protocols. Protocols must implement comprehensive insurance and contingency plans to protect user funds in the event of an attack. By incorporating these safety measures, the DeFi sector can enhance its resilience and instill greater confidence among investors.

The crisis surrounding CRV serves as a stark reminder that DeFi, while promising and innovative, is still an emerging and evolving sector. Participants should approach it with both enthusiasm and caution. While it offers new opportunities for financial inclusion and decentralized governance, it also presents unique challenges and risks that demand thoughtful consideration.

In conclusion, the recent CRV exploit has put the DeFi ecosystem on high alert. It is a wake-up call for the community to prioritize security, collaborate on risk management, and be proactive in addressing vulnerabilities. By learning from this incident, the DeFi sector can build stronger, more resilient protocols that will pave the way for a safer and more sustainable future of decentralized finance.

Who We Are

Moonrock Capital is a Blockchain Advisory and Investment Firm, incubating and accelerating early stage startups since 2019.



Disclaimer: None of the information contained here constitutes an offer (or solicitation of an offer) to buy or sell any currency, product or financial instrument, to make any investment, or to participate in any particular trading strategy.



Moonrock Capital

Moonrock Capital is a Blockchain Advisory and Investment Firm, incubating and accelerating early stage startups since 2019.