A vulnerability in the Vyper programming language has led to copycat attacks on the BNB Smart Chain (BSC), resulting in the theft of approximately $73,000 worth of cryptocurrencies. This follows a similar exploit on the Curve Finance decentralized finance (DeFi) protocol. Blockchain security firm BlockSec estimates that losses from exploits targeting Curve Finance liquidity pools have exceeded $41 million.
The vulnerability is caused by a malfunctioning reentrancy lock in Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are used by several DeFi pools. The Vyper programming language is widely used in Web3 projects and was designed for the Ethereum Virtual Machine (EVM). Other protocols using the affected Vyper versions may also be at risk.
Since the exploit was discovered, white hat and black hat hackers have been engaging in on-chain battles to disrupt each other’s exploit attempts or recover stolen funds. One white hat hacker, known as “c0ffebabe.eth,” managed to retrieve some funds and sent a message on-chain offering to return them to the affected protocols.
So far, c0ffebabe.eth has returned nearly 2,900 Ether (ETH) worth over $5 million to Curve Finance. Another transaction showed 1,000 ETH being moved to a newly created wallet, likely the cold wallet mentioned earlier.
The BNB Smart Chain (BSC) has been targeted by copycat attacks exploiting a vulnerability in the Vyper programming language. Approximately $73,000 worth of cryptocurrencies has been stolen. The Vyper vulnerability is similar to the exploit on the Curve Finance DeFi protocol, which has resulted in losses exceeding $41 million. White hat and black hat hackers are battling on-chain to disrupt exploit attempts or recover stolen funds. One white hat hacker has managed to retrieve and return nearly $5 million worth of Ether to Curve Finance.
What is the BNB Smart Chain?
The BNB Smart Chain (BSC) is a blockchain platform developed by Binance, which supports the creation of smart contracts and decentralized applications.
What is Vyper?
Vyper is a programming language used for writing smart contracts on the Ethereum platform. It is designed to be more secure and auditable compared to other programming languages used for smart contracts.
What is Curve Finance?
Curve Finance is a decentralized exchange (DEX) and automated market maker (AMM) protocol built on Ethereum. It focuses on providing low-slippage trades for stablecoins.
What are white hat and black hat hackers?
White hat hackers are ethical hackers who use their skills to identify and fix vulnerabilities in computer systems. Black hat hackers, on the other hand, use their skills for malicious purposes, such as exploiting vulnerabilities and stealing data or funds.
What is a reentrancy lock?
A reentrancy lock is a security measure used in smart contracts to prevent malicious contracts from repeatedly calling back into the target contract during the execution of a function. It helps protect against reentrancy attacks where an attacker exploits the reentrant nature of a contract to manipulate its state.
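The lock described above, as an added Python model (not Vyper code and not taken from any affected pool): a regression check that a guard rejects a nested call and keeps the pool's reserve equal to what it owes. `Pool`, `nonreentrant`, `run_scenario` and the `lock_enabled` switch, which stands in for a lock that fails to engage, are hypothetical names, and the deposits are constructed sample values.

```python
from functools import wraps

class ReentrancyError(Exception): pass  # a guarded function was re-entered

def nonreentrant(fn):
    @wraps(fn)
    def guarded(self, *args):
        if self.lock_enabled and self._locked:  # one flag shared by all guarded functions
            raise ReentrancyError(fn.__name__)
        self._locked = True
        try:
            return fn(self, *args)
        finally:
            self._locked = False
    return guarded

class Pool:
    def __init__(self, lock_enabled=True):
        self.lock_enabled = lock_enabled  # False models a lock that fails to engage
        self._locked = False
        self.balances = {}
        self.reserve = 0

    @nonreentrant
    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    @nonreentrant
    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        self.reserve -= amount
        on_receive(amount)        # external call made before state is final
        self.balances[who] = 0

def run_scenario(lock_enabled):
    """Return (reserve still covers balances, nested call was rejected)."""
    pool = Pool(lock_enabled)
    pool.deposit("alice", 100)    # constructed sample deposits
    pool.deposit("bob", 100)
    seen = {"calls": 0, "blocked": False}
    def on_receive(amount):       # recipient that calls back in once
        seen["calls"] += 1
        if seen["calls"] == 1:
            try:
                pool.withdraw("bob", on_receive)
            except ReentrancyError:
                seen["blocked"] = True
    pool.withdraw("bob", on_receive)
    return pool.reserve == sum(pool.balances.values()), seen["blocked"]
```

With the lock working, the nested call is rejected and the reserve still covers every balance; with it disabled, the same sequence leaves the reserve short of what the pool owes.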