Amid the recent hack and exploitation of Curve Finance, a decentralized finance (DeFi) protocol, a good-willed hacker has magnanimously recovered around 2,879 Ether for the exploited protocol.
Several stable pools on Curve Finance were exploited on the 30th of July 2023. The exploit was made possible by malfunctioning reentrancy locks in several versions of the Vyper programming language. The total losses recorded as a result of this hack were reported to be around $47 million.
Shortly after this hack, a hacker swung into action, leading to the recovery and seizure of some of the stolen assets, which were later sent to Curve Finance. To achieve this, the magnanimous hacker, who goes by the pseudonym “c0ffeebabe.eth”, made use of a front-running bot, gaining access to around 3000 ETH. This was then repatriated to the Curve deployer’s address, which appears to be its rightful custodian.
While this is going on, an impersonator has taken to Twitter, posing as Curve Finance in the hope of defrauding victims of the initial exploit. To do this, the fake page posted a Tweet promoting a fake refund scheme for those who had lost their assets to the recent hack.
In a bid to prevent this exploit initially, BlockSecTeam made it known via Twitter that they had tried to alert Curve Finance to the “WETH pool (0x8301) issue” they had found. But before Curve Finance could be reached and the necessary action could be taken, the fatal blow had been launched by the hacker. “This means attackers have also located the same issue and successfully launched the attack,” the Tweet revealed.
Is Vyper Programming Language Vulnerable?
The recent events in the crypto space involving the Vyper programming language might cast doubt on the reliability and strength of the language. BNB Chain has also suffered a big blow in the form of a copycat attack, which was also due to Vyper’s vulnerability. According to reports, a total of $73,000 was stolen across these three exploits on the BNB Chain.
To mitigate the risks and rate of these cyber attacks, the U.S. Securities and Exchange Commission has adopted a new set of rules and regulations on cybersecurity issues that involve public companies in the US.
Part of this rule necessitates the disclosure of a cyber attack four days after it has been seen as “material.” As further explained by the SEC, this rule will necessitate frequent reports on policies to identify and manage these cyber risks.