Malicious actors exploited a bug in a few versions of Vyper Compilers to drain funds from four pools on Curve Finance, including its largest pool CRV/ETH.