Shockwave Hits BNB Smart Chain as its Vulnerability Gets Exposed
Security flaw in Vyper programming language leads to crypto thefts on BNB Smart Chain and DeFi protocol Curve Finance.
The BNB Smart Chain (BSC)has reportedly experienced attacks due to a weakness in the Vyper programming language, which also led to problems on the decentralized finance (DeFi) protocol Curve Finance.
Security firm BlockSec tweeted on July 30 that about $73,000 in cryptocurrencies had been stolen on BSC in three different attacks. Similar problems with liquidity pools on Curve Finance have led to losses of over $41 million.
The issues were caused by a malfunctioning reentrancy lock on certain versions of Vyper, a programming language used by several DeFi pools. The language, which is popular for Web3 projects and was designed for the Ethereum Virtual Machine, could affect other protocols using the same versions of Vyper.
Since the news of the exploit was released, hackers have been trying to either stop further attacks or recover stolen funds.
One person, known as “c0ffebabe.eth,” was able to secure some funds. On July 30, they sent a message asking the affected protocols to get in touch with them to arrange the return of the funds. So far, they have returned almost 2,900 Ether, worth over $5 million, to Curve.
Another transaction saw c0ffebabe.eth move 1,000 ETH to a new wallet — likely the offline wallet they had previously mentioned.
The issue caused a drop in the trading markets for Curve DAO's own CRV token, which fell 17% to a price of $0.61. This decrease could cause more problems by potentially forcing the founder of Curve to liquidate their $70 million borrowed position on Aave.