Alchemix Finance
Summary
Alchemix Finance is an Ethereum-based DeFi protocol that offers self-repaying loans, allowing users to deposit yield-bearing collateral and borrow synthetic assets whose debt is automatically paid down by the underlying yield. The protocol has experienced several notable security incidents since its February 2021 launch, including a June 2021 alETH transmuter bug (~2,700 ETH overclaimed), and a July 2023 Curve pool exploit (~$20M stolen and subsequently fully returned). Alchemix has maintained operational continuity through each incident and continues to develop a V3 upgrade with an active Immunefi bug bounty program.
Connected Entities
1 entities · 10 linked investigations- + 2 more
Timeline(12 events)
2021-02-01
Alchemix Finance launches on Ethereum mainnet, introducing self-repaying alUSD loans backed by Yearn yDAI vaults.
CoinDesk2021-06-14
iosiro researcher Ashiq Amien discloses a high-risk access control vulnerability in the AlchemistEth contract via Immunefi; bug is patched before exploitation, $7,500 bounty awarded.
iosiro2021-06-16
alETH transmuter bug discovered: misconfigured vault deployment causes ~2,262–2,700 ETH (~$5.3M–$6.5M) overclaimed by borrowers who could withdraw collateral without repaying loans. alETH contract paused within ~15 minutes.
CoinDesk2021-06-21
Alchemix launches voluntary alETH return portal, offering 1 ALCX per ETH/alETH returned plus an NFT for full returns. Over 50% of shortfall recovered within three days.
Alchemix Governance Forum2022-01-13
Runtime Verification delivers final V2 audit report following a seven-week engagement covering core AlchemistV2, TransmuterV2, and related contracts.
Alchemix Finance Medium2023-03-13
Euler Finance suffers a ~$197M flash loan hack. Alchemix reports no direct exposure; indirect exposure via yvUSDC/yvUSDT Yearn vaults is limited to approximately $1.38M through Idle and Angle integrations.
CryptoNewsZ2023-04-03
Euler Finance announces all recoverable funds from the March 13 hack have been returned by the exploiter, resolving indirect exposure risk for Alchemix and other affected protocols.
CoinDesk2023-07-30
Curve Finance liquidity pools exploited via a Vyper compiler vulnerability (versions 0.2.15–0.3.0). Alchemix's alETH–ETH pool loses 4,821 alETH and 7,258 ETH (~$20M). Alchemix pre-emptively removes 8,027 alETH before pool is fully drained.
Alchemix Finance Medium2023-08-03
Alchemix, Curve, and Metronome jointly offer the Curve exploiter a 10% recovery bounty to return stolen funds.
CoinDesk2023-08-05
All funds stolen from Alchemix's alETH–ETH Curve pool are returned by the exploiter following the bounty offer.
Alchemix Finance Medium2023-09-23
Security researcher Koiush submits a high-severity access control vulnerability in AlchemixHarvester to Immunefi; the bug could have enabled sandwich attacks on yield harvesting. Patched with no user fund impact; 1,000 ALCX bounty paid.
Immunefi2025-06-30
Alchemix reports Q2 2025 TVL of $45.35M (up 12.9% quarter-over-quarter), with protocol revenue of ~$780K and full operational continuity. V3 audit competition underway via Cantina.
Alchemix Finance MediumDecision Log
- hash: B6pEWp7iwix5Tdd3jBQVvLRVdhuceWTFn1xUNPtiReU2
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/31/2026, 6:58:36 AM
last updated: 5/31/2026, 6:58:41 AM
avoid.net — verified advice for a post-truth world