Key Points:
The attacks targeted liquidity pools on Curve, a popular automated market maker platform, resulting in the theft of millions of dollars worth of cryptocurrencies. The attackers exploited a vulnerability in Vyper, an alternative programming language for Ethereum smart contracts, as disclosed by Curve on Twitter.
However, the Binance team has confirmed that only versions 0.3.7 and above of Vyper are used on their platform, ensuring their users’ protection.
The vulnerability in question is a “re-entrancy” bug in Vyper, affecting parts of the Curve system. The bug allowed attackers to drain funds from several stablecoin pools on Curve Finance, resulting in significant losses that have already surpassed $50 million. Furthermore, Ancilia, a security firm, conducted an analysis and identified the affected contracts. They found that 136 contracts used Vyper 0.2.15 with reentrant protection, 98 contracts used Vyper 0.2.16, and 226 contracts used Vyper 0.3.0, all of which were susceptible to the attack.
According to the investigation, certain versions of the Vyper compiler failed to properly implement the reentrancy guard, a critical mechanism that prevents a contract's protected functions from being called again while an earlier call is still executing. This oversight enabled the reentrancy attacks, in which hackers could potentially drain all funds from targeted contracts.
Vyper is a contract-oriented, Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Its resemblance to Python has made it an attractive choice for developers transitioning into the Web3 environment.
Several DeFi projects beyond Curve Finance were also affected by the attacks. Ellipsis, a decentralized exchange, reported that a limited number of stable pools using BNB were exploited due to an older Vyper compiler version.
In response to the security breach, Vyper advised all projects relying on the vulnerable versions (0.2.15, 0.2.16, and 0.3.0) to contact them immediately. Meanwhile, the investigation into the attacks continues, and the DeFi community remains vigilant to safeguard against further exploitation.
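A triage check a team could run over its own contract inventory, as an added example that is not code from Vyper, Curve or Ancilia: it flags contracts built with the compiler versions named above that also rely on the `@nonreentrant` decorator. The inventory format, status labels and function names are assumptions, and the sample entries are constructed.

```python
import re

# Compiler versions the article names as affected.
AFFECTED = {(0, 2, 15), (0, 2, 16), (0, 3, 0)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# Vyper's reentrancy guard decorator, e.g. @nonreentrant("lock"); commented-out lines do not match.
GUARD_RE = re.compile(r"^\s*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.M)


def parse_version(text):
    """Extract (major, minor, patch) from strings like 'vyper:0.2.15' or 'v0.3.0+commit.x'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(contract):
    """Classify one inventory entry by compiler version and guard usage."""
    version = parse_version(contract["compiler"])
    keys = sorted(set(GUARD_RE.findall(contract["source"])))
    if version not in AFFECTED:
        status = "ok"
    elif keys:
        status = "guard-unreliable"    # affected compiler and the contract relies on the guard
    else:
        status = "affected-compiler"   # affected compiler, no guard declared in the source
    return {"name": contract["name"], "version": version, "guards": keys, "status": status}


# Constructed sample inventory: names, sources and version strings are made up.
INVENTORY = [
    {"name": "PoolA", "compiler": "vyper:0.2.15",
     "source": '@external\n@nonreentrant("lock")\ndef remove_liquidity():\n    pass\n'},
    {"name": "PoolB", "compiler": "v0.3.0+commit.0000000",
     "source": "@external\ndef get_virtual_price() -> uint256:\n    return 0\n"},
    {"name": "PoolC", "compiler": "vyper:0.3.7",
     "source": "@external\n@nonreentrant('lock')\ndef exchange():\n    pass\n"},
]

if __name__ == "__main__":
    for entry in INVENTORY:
        r = triage(entry)
        print(f'{r["name"]}: {r["status"]} (guards: {r["guards"]})')
```

Contracts flagged `guard-unreliable` are the ones to review first, since they depend on the guard that the affected compiler versions did not implement correctly.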
As the DeFi space evolves, maintaining up-to-date code bases, applications, and operating systems becomes paramount to ensure the security of users’ funds and the overall stability of decentralized finance protocols.