Cybercriminals have exploited a flaw in the Vyper programming language on BNB Smart Chain (BSC), in thefts that closely resemble those seen at the DeFi protocol Curve Finance. The flaw in Vyper, a programming language integral to many Web3 projects, opened the door to a rash of copycat attacks across the cryptocurrency landscape.
The theft on BSC resulted in the loss of approximately $73,000 in cryptocurrency, as announced by BlockSec, a leading blockchain security enterprise, on July 30. The incident comes on the heels of similar attacks on Curve Finance's liquidity pools, leading to a cumulative loss of over $41 million, as per BlockSec's latest analysis.
The specific vulnerability exploited resides in a defective reentrancy lock in Vyper versions 0.2.15, 0.2.16 and 0.3.0. These versions are widely adopted by numerous DeFi pools. Notably, Vyper was crafted for the Ethereum Virtual Machine, and any protocol using the affected versions could be at risk.
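A triage check for the versions named above, as an added example that is not from the article, BlockSec or the Vyper project: it reads the version pragma and `@nonreentrant` decorators in Vyper source and flags files pinned to a listed release. It assumes the pragma reflects the compiler actually used for deployment, goes slightly beyond the text by marking range specifiers for manual review, and runs on constructed sample sources.

```python
import re

# Affected Vyper releases, exactly as listed in the article.
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

PRAGMA_RE = re.compile(
    r"^#[ \t]*(?:@version|pragma[ \t]+version)[ \t]+(\S.*?)[ \t]*$", re.M)
EXACT_RE = re.compile(r"^=*v?(\d+\.\d+\.\d+)$")
LOCK_RE = re.compile(
    r"^[ \t]*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.M)


def triage(source: str) -> dict:
    """Classify one Vyper source file by pinned version and lock usage."""
    pragma = PRAGMA_RE.search(source)
    spec = pragma.group(1) if pragma else None
    locks = sorted(set(LOCK_RE.findall(source)))
    exact = EXACT_RE.match(spec) if spec else None
    if spec is None:
        status = "unknown-version"            # no pragma: check build artifacts
    elif exact is None:
        status = "range-needs-review"         # e.g. ^0.3.0 may resolve to a listed release
    elif exact.group(1) in AFFECTED:
        # The defect is in the reentrancy lock, so lock users are the priority.
        status = "affected" if locks else "affected-version-no-lock"
    else:
        status = "not-listed"
    return {"version": spec, "locks": locks, "status": status}


# Constructed sample sources (hypothetical file names, not real contracts).
SAMPLES = {
    "pool_a.vy": "# @version 0.2.15\n\n@external\n@nonreentrant('lock')\n"
                 "def exchange(i: int128, j: int128):\n    pass\n",
    "pool_b.vy": "# @version ^0.3.0\n\n@external\n@nonreentrant('lock')\n"
                 "def withdraw():\n    pass\n",
    "token_c.vy": "# @version 0.3.0\n\n@external\ndef ping():\n    pass\n",
    "pool_d.vy": "#pragma version 0.3.7\n\n@external\n@nonreentrant('lock')\n"
                 "def deposit():\n    pass\n",
}


def scan(samples: dict) -> dict:
    """Map each file name to its triage status."""
    return {name: triage(src)["status"] for name, src in samples.items()}


if __name__ == "__main__":
    for name, status in scan(SAMPLES).items():
        print(f"{name}: {status}")
```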
Following the disclosure of this security issue, a race ensued between white hat and black hat hackers, with each group aiming either to exploit the weakness further or to recover the stolen funds.
An individual going by the online pseudonym "c0ffebabe.eth," suspected to be a white hat hacker, seems to have made some headway in securing the stolen funds. They issued an on-chain message on July 30, imploring affected protocols to reach out to them to initiate the process of returning the funds. To date, the individual has reportedly restored nearly 2,900 Ether (ETH), valued at over $5 million, to Curve, as evidenced by a transaction. In a separate transaction, c0ffebabe.eth moved 1,000 ETH to a presumably fresh wallet, most likely the cold wallet mentioned earlier.