The BNB Smart Chain (BSC) recently experienced copycat attacks due to a vulnerability in the Vyper programming language, similar to the exploit faced by the decentralized finance (DeFi) protocol Curve Finance.
Blockchain security firm BlockSec reported on July 30 that approximately $73,000 worth of cryptocurrencies on BSC were stolen across three separate exploits.
The exploitation of liquidity pools on Curve Finance also led to significant losses, surpassing $41 million, as estimated by BlockSec.
The root cause of the vulnerability was identified as a malfunctioning reentrancy lock in Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are widely used by various DeFi pools.
Since Vyper is designed for the Ethereum Virtual Machine, it is plausible that other protocols utilizing these versions might also be affected.
Following the news of the exploit, both white hat and black hat hackers engaged in on-chain activities, attempting to thwart each other’s exploit attempts or recover funds.
One individual, known as “c0ffebabe.eth,” seemed to act as a potential white hat and secured some funds for safekeeping.
READ MORE: Worldcoin’s Iris Scanning Project Raises Privacy and Sovereignty Concern
On July 30, this individual issued an on-chain message requesting affected protocols to contact them in order to arrange the return of funds.
To date, “c0ffebabe.eth” has returned nearly 2,900 Ether (ETH), equivalent to approximately $5 million, to Curve in one transaction.
Another transaction saw them moving 1,000 ETH to a seemingly newly-created wallet, likely the cold wallet mentioned earlier for additional safekeeping.
The situation has raised concerns about the security of Vyper and its implications for other Web3 projects.
Given the wide adoption of this programming language, it is crucial for developers and protocols to be vigilant about potential vulnerabilities and promptly address them to protect user funds.
In conclusion, the BNB Smart Chain faced copycat attacks due to a Vyper programming language vulnerability, echoing the exploit witnessed on the Curve Finance DeFi protocol.
The incident has underscored the importance of robust security measures in the rapidly evolving landscape of decentralized finance and serves as a reminder for projects to prioritize the safety of their users’ assets.
Other Stories:
Kyrgyzstan Expands Cryptocurrency Mining with Government Backing at Hydro Power Plant
French Data Protection Agency Investigates Worldcoin
Pro-XRP Lawyer Alleges SEC’s Actions Driven by Safeguarding Corporate Capitalism
