The BNB Smart Chain (BSC) has reportedly experienced copycat attacks due to a vulnerability in the Vyper programming language, similar to the recent exploit on the decentralized finance (DeFi) protocol Curve Finance. According to a tweet from blockchain security firm BlockSec on July 30, around $73,000 worth of cryptocurrencies on BSC have been stolen across three exploits. This comes as similar exploits on Curve Finance liquidity pools have resulted in losses exceeding $41 million.
The vulnerability exploited on BSC was caused by a malfunctioning reentrancy lock in specific versions of the Vyper programming language (0.2.15, 0.2.16, and 0.3.0). Vyper is widely used for Web3 projects and was designed for the Ethereum Virtual Machine (EVM). As a result, the vulnerability could potentially affect other protocols that use the affected Vyper versions.
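As an added example (not from the article or the Vyper project), the script below triages Vyper source files by checking whether the version pragma admits one of the three affected versions listed above and whether the contract relies on the `@nonreentrant` decorator. The pragma forms, the npm-style range operators and the sample contracts are assumptions made for illustration; a range pragma only shows which compiler may have been used, so the result should be confirmed against the deployed build metadata.

```python
import re

# Compiler versions the article lists as having the broken reentrancy lock.
AFFECTED = [(0, 2, 15), (0, 2, 16), (0, 3, 0)]

PRAGMA = re.compile(r"^#\s*(?:@version|pragma\s+version)\s+(.+?)\s*$", re.M)
CLAUSE = re.compile(r"(\^|~|>=|<=|==|>|<|=)?\s*v?(\d+)\.(\d+)\.(\d+)")
NONREENTRANT = re.compile(r"^\s*@nonreentrant\b", re.M)

# Constructed sample sources for illustration (not real contracts).
SAMPLE_PINNED = '# @version 0.2.15\n\n@external\n@nonreentrant("lock")\ndef withdraw(): pass\n'
SAMPLE_RANGE = "# @version >=0.2.0,<0.3.0\n\n@external\ndef ping(): pass\n"
SAMPLE_FIXED = '#pragma version 0.3.10\n\n@external\n@nonreentrant("lock")\ndef f(): pass\n'

def _satisfies(cand, op, base):
    """True if version tuple `cand` meets one pragma clause (npm-style operators)."""
    if op == "^":  # caret: the leftmost non-zero component must not change
        if base[0] > 0:
            upper = (base[0] + 1, 0, 0)
        elif base[1] > 0:
            upper = (0, base[1] + 1, 0)
        else:
            upper = (0, 0, base[2] + 1)
        return base <= cand < upper
    if op == "~":  # tilde: patch-level changes only
        return base <= cand < (base[0], base[1] + 1, 0)
    return {">=": cand >= base, "<=": cand <= base, ">": cand > base,
            "<": cand < base}.get(op, cand == base)  # bare, "=", "==": exact pin

def affected_versions(source):
    """Affected versions the pragma allows; None if there is no parsable pragma."""
    m = PRAGMA.search(source)
    clauses = CLAUSE.findall(m.group(1)) if m else []
    if not clauses:
        return None
    return [c for c in AFFECTED
            if all(_satisfies(c, op, tuple(map(int, v))) for op, *v in clauses)]

def triage(source):
    """Classify one Vyper source file for follow-up."""
    hits = affected_versions(source)
    if hits is None:
        return "unknown: no parsable version pragma, check the deployed compiler metadata"
    if not hits:
        return "ok: pragma excludes the affected versions"
    vers = ", ".join(".".join(map(str, v)) for v in hits)
    if NONREENTRANT.search(source):
        return f"at-risk: uses @nonreentrant and may be built with {vers}"
    return f"review: no @nonreentrant, but may be built with {vers}"
```
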
Following news of the exploit, both white hat and black hat hackers have been engaging in on-chain activities to disrupt each other’s exploit attempts and efforts to recover stolen funds. A white hat hacker known as “c0ffebabe.eth” has managed to secure some funds for safekeeping. On July 30, they sent an on-chain message requesting affected protocols to contact them to arrange for the return of funds.
So far, c0ffebabe.eth has returned nearly 2,900 Ether (ETH), worth over $5 million, to Curve in one transaction. In another transaction, they moved 1,000 ETH to what appears to be a newly created wallet, likely a cold wallet for secure storage.
These copycat attacks on BSC highlight the importance of robust security measures within the DeFi space. As the popularity and adoption of decentralized finance continue to grow, it becomes critical for developers and platform operators to address vulnerabilities promptly and ensure the safety of user funds. The ongoing battle between white hat and black hat hackers also underscores the constant need for vigilance and proactive security efforts in the cryptocurrency ecosystem.
In conclusion, the BNB Smart Chain has been targeted by copycat attacks due to a vulnerability in the Vyper programming language, similar to recent exploits on Curve Finance. The stolen funds amount to approximately $73,000, adding to the significant losses suffered by Curve Finance due to similar attacks. White hat hackers have stepped in to recover and secure funds, returning a substantial amount to Curve. This incident serves as a reminder of the importance of strong security measures in the DeFi space and the ongoing need for proactive efforts to protect user funds in the cryptocurrency ecosystem.