Curve, a stablecoin exchange at the heart of decentralized finance (DeFi) on Ethereum, has been the victim of an exploit, according to a tweet from the project. Upwards of $100 million worth of cryptocurrency are at risk due to a “re-entrancy” bug in Vyper, a programming language used to power parts of the Curve system. Several stablecoin pools on the platform — used for pricing and liquidity on a number of different DeFi services — have been drained by hackers so far. Other projects that use the Vyper programming language could share the same vulnerability. As Asia opened its trading day, it was unclear how much had been drained from Curve as a result of the attack. BlockSec, a blockchain auditing firm, estimated the total losses above $42 million in a preliminary analysis posted to Twitter. Curve’s CRV token was recently trading at 62 cents, off more than 16% over the past 24 hours. It changed hands as low as 59 cents, a more than 19% decline late Sunday after the breach.