The BNB Smart Chain [BSC] has become the target of copycat attacks after attackers made off with roughly $73k due to a bug in the Vyper programming language, mirroring the hack of the DeFi protocol Curve Finance. The incident bears a stark similarity to the recent exploit of Curve Finance liquidity pools, where over $40 million in funds were stolen.
According to the decentralized exchange Ellipsis, a few stable pools with BNB were exploited using an old Vyper compiler. Smart contracts compiled using Vyper versions 0.2.15, 0.2.16, and 0.3.0 are vulnerable, which can lead to the failure of the reentrancy guard, per on-chain security expert BlockSec.
Please note that this reentrancy issue is associated with the use of 'use_eth', which could potentially place the WETH-related pools in jeopardy! @CurveFinance, please DM us if you need any help. https://t.co/vjc1RRce7w pic.twitter.com/Wz8DXJZK7Y
— BlockSec (@BlockSecTeam) July 30, 2023
The auditing firm specializing in smart contracts pointed out that the reentrancy hack endangered all pools employing wrapped Ether [WETH], significantly aggravating the vulnerability’s effects on the larger DeFi ecosystem. Vyper is one of the most popular programming languages for web3 projects. The attack might not be restricted to the EVM and might affect other Vyper version protocols.
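For teams checking their own pools against the versions listed above, a triage script can flag Vyper sources that pin an affected compiler and rely on `@nonreentrant`, noting which guarded functions take `use_eth`. This is an added example, not code from Ellipsis, Curve or BlockSec; it assumes the `# @version` pragma pins the exact compiler used, and the `triage` helper and sample contract are constructed for illustration.

```python
import re

# Compiler versions the article lists as affected (per BlockSec).
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

PRAGMA_RE = re.compile(r"^#\s*@version\s+(\S+)", re.M)
# One or more decorator lines followed by a def; parameters may span lines.
FUNC_RE = re.compile(r"((?:^@[^\n]*\n)+)def\s+(\w+)\s*\(([^)]*)\)", re.M)
LOCK_RE = re.compile(r"@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)")

def triage(source):
    """Report the pinned compiler version and every @nonreentrant function."""
    m = PRAGMA_RE.search(source)
    spec = m.group(1) if m else None
    if spec and re.fullmatch(r"\d+\.\d+\.\d+", spec):
        affected = spec in AFFECTED
    else:
        affected = None  # no pragma or a range: confirm the real compiler by hand
    guarded = []
    for decorators, name, params in FUNC_RE.findall(source):
        lock = LOCK_RE.search(decorators)
        if lock:
            guarded.append({"function": name, "lock": lock.group(1),
                            "use_eth": re.search(r"\buse_eth\b", params) is not None})
    return {"version": spec, "affected": affected, "guarded": guarded,
            "at_risk": affected is True and bool(guarded)}

# Constructed sample contract, not taken from any deployed pool.
SAMPLE = """# @version 0.2.15
@external
@payable
@nonreentrant('lock')
def exchange(i: uint256, j: uint256, dx: uint256, use_eth: bool = False) -> uint256:
    return 0

@external
@nonreentrant('lock')
def remove_liquidity(amount: uint256,
                     min_amounts: uint256[2]):
    pass

@view
@external
def get_dy(i: uint256, j: uint256, dx: uint256) -> uint256:
    return 0
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["version"], "at risk:", report["at_risk"])
    for g in report["guarded"]:
        print(f"  {g['function']} lock={g['lock']} use_eth={g['use_eth']}")
```

A source pragma is only a hint: the compiler version recorded for the deployed bytecode is what decides exposure.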
Ever since news of the exploit spread, white hat and black hat hackers have been engaging in on-chain disputes. They attempt to hinder each other’s efforts to exploit the vulnerability or recover payments. One whitehat, called “c0ffebabe.eth,” recouped 2.9K ETH worth over $5 million. A user exclaimed, “A tale of tech turmoil and triumph, reminding us: safety first!”
BNB: The Fight Is Far From Over
protocols to contact them to organize the return of funds. So far, the wallet has returned nearly 2,900 Ethereum [worth over $5 million] to Curve, according to one transaction. “c0ffebabe.eth” transferred 1,000 ETH in another transaction to what appears to be a newly-created wallet, which is probably the cold wallet they previously stated.
The native token of the BNB Smart Chain, on the other hand, hasn’t responded much to the news. However, this does not lessen the impending risk that the protocol still carries. Just a few days ago, DappBay’s Red Alarm identified over 35 risky dApps for BNB.
However, some entities involved in these on-chain disputes include Staker Cafe, Okxo, Pepe Girl, Shiba Reward, and Maker Lending. Their actions pose potential risks for users and could undermine the dominance of the BNB network.