After a similar exploit hit the Decentralized Finance (DeFi) protocol, Curve Finance, the BNB Smart Chain (BSC) has reportedly encountered parallel attacks. This situation arises from a vulnerability detected in the Vyper programming language.
On July 30, amidst ongoing Ethereum exploits, BlockSec, a blockchain security firm, tweeted that an estimated $73,000 in cryptocurrencies had been stolen on the BSC through three separate exploits.
These exploits echo recent attacks on liquidity pools on Curve Finance that have accumulated losses surpassing $41 million as per the current estimates by BlockSec. The vulnerability is attributed to a defective reentrancy lock in Vyper versions 0.2.15, 0.2.16, and 0.3.0, commonly used by numerous DeFi pools.
As one of the most prominent programming languages used for Web3 projects, Vyper, designed for the Ethereum Virtual Machine, could potentially impact other protocols reliant on the flawed Vyper versions.
Ever since the news of the exploit emerged, white hat and black hat hackers have been engaging in an on-chain battle, trying to disrupt each other’s exploit attempts or recover fund efforts.
One alleged whitehat hacker, recognized as “c0ffebabe.eth,” has reportedly managed to secure some funds for protection. On July 30, c0ffebabe.eth sent an on-chain message inviting affected protocols to get in touch to arrange the return of funds.
To date, this wallet has successfully returned approximately 2,900 Ether (ETH) worth more than $5 million to Curve according to one transaction, as recorded in the blockchain. Another transaction witnessed c0ffebabe.eth transferring 1,000 ETH to what seems to be a freshly minted wallet, presumably the cold wallet mentioned earlier.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up