BNB Smart Chain hit with copycat Vyper attack, $73K exploited

    31 Jul 2023
    228 Views

    While Ethereum-based protocols have been hit with the majority of the exploit activity, BNB Smart Chain has also seen similar copycat exploits, according to BlockSec.

    The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, following a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.

    Amid the exploits carried out on Ethereum, Blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies on BSC across three exploits had also been stolen.

    It comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million, according to current BlockSec estimates.

    The vulnerability was caused by a malfunctioning reentrancy lock on Vyper versions 0.2.15, 0.2.16 and 0.3.0, which is used by a number of DeFi pools.

    The programming language is believed to be one of the most widely used for Web3 projects. It was designed for the Ethereum Virtual Machine and could affect other protocols that use the afflicted Vyper versions.

    Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other’s exploit attempts or efforts to recover funds.

    One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30 they sent an on-chain message asking affected protocols to contact them to organize returning funds.

    So far, the wallet has returned nearly 2,900 Ether worth over $5 million to Curve according to one transaction.

    Another transaction saw c0ffebabe.eth move 1,000 ETH to what appears to be a newly-created wallet — likely the cold wallet that they mentioned earlier.

    Source: https://cointelegraph.com/news/vyper-copycat-exploit-on-bsc-bnb-smart-chain-curve

    Leave a Reply

    Your email address will not be published. Required fields are marked *