BNB Smart Chain (BSC) experienced “copycat” attacks due to a Vyper programming language flaw, leading to approximately $73,000 in stolen cryptocurrencies.
BlockSec reports that while most exploit activity has targeted Ethereum-based protocols, BNB Smart Chain has also faced similar copycat exploits.
The BNB Smart Chain (BSC) experienced copycat attacks related to a vulnerability in the Vyper programming language, mirroring the exploit on Curve Finance, a decentralized finance (DeFi) protocol.
On July 30, Blockchain security firm BlockSec disclosed that approximately $73,000 worth of cryptocurrencies were stolen through three exploits on BSC.
Concurrently, similar exploits on Curve Finance liquidity pools resulted in losses exceeding $41 million, as estimated by BlockSec.
The sheet updated. Losses have already ~$41m!https://t.co/lCaS4uEPzm https://t.co/stQYNJFS7y pic.twitter.com/P7jG8NHnV4
— BlockSec (@BlockSecTeam) July 30, 2023
The vulnerability stemmed from a malfunctioning reentrancy lock in Vyper versions 0.2.15, 0.2.16, and 0.3.0, which were widely utilized by several DeFi pools.
This programming language, extensively used for Web3 projects, was primarily designed for the Ethereum Virtual Machine. Its flaw could potentially impact other protocols relying on the affected Vyper versions.
Following the news of the exploit, both white hat and black hat hackers engaged in on-chain battles to disrupt each other’s exploit attempts or recover funds. One potential whitehat, known as “c0ffebabe.eth,” managed to secure some funds for safekeeping.
On July 30, they sent an on-chain message inviting affected protocols to reach out for assistance in organizing the return of funds.
Excellent news!!! hopefully we can get it backhttps://t.co/sElKdYniT1 pic.twitter.com/AEldRorQaq
— Addison (@0xaddi) July 30, 2023
The wallet has already returned nearly 2,900 Ether, valued at over $5 million, to Curve, as per a single transaction.
5M returned back to @CurveFinance pic.twitter.com/BPAvE1ZOZY
— Kgjr (clueless333) (@KGJRTG) July 30, 2023
In another transaction, c0ffebabe.eth transferred 1,000 ETH to a seemingly newly-created wallet, which is likely the cold wallet they previously mentioned.
Important: Please note that this article is only meant to provide information and should not be taken as legal, tax, investment, financial, or any other type of advice.
Join Cryptos Headlines Community
Follow Cryptos Headlines on Google News and Threads App