Copycat Vyper Attack Exploits BNB Smart Chain: $73K at Stake


Ethereum-Based Protocols Facing Exploits

While Ethereum-based protocols have been hit with the majority of the exploit activity, BNB Smart Chain has also seen similar copycat exploits, according to BlockSec.

Copycat Attacks on BNB Smart Chain

The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, in a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.

Losses Amounting to $73,000

Amid the exploits carried out on Ethereum, blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies had also been stolen on BSC across three exploits.

Parallel Losses on Curve Finance

This comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million, according to current BlockSec estimates.

Vulnerability in Vyper Programming Language

The vulnerability was caused by a malfunctioning reentrancy lock on Vyper versions 0.2.15, 0.2.16, and 0.3.0, which is used by a number of DeFi pools. The programming language is believed to be one of the most widely used for Web3 projects. It was designed for the Ethereum Virtual Machine, so the vulnerability could affect other protocols that use the affected Vyper versions.
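For teams checking their own exposure, the following triage script is an added example, not code from BlockSec, Curve or the Vyper project. It assumes the source declares its compiler with Vyper's `# @version` comment and guards functions with the `@nonreentrant` decorator. The sample contracts and status labels are constructed for illustration, and treating a contract with no lock as unaffected is an assumption drawn from the description above.

```python
import re

# Compiler versions the article lists as having the faulty reentrancy lock.
AFFECTED = {"0.2.15", "0.2.16", "0.3.0"}

PRAGMA = re.compile(r"^[ \t]*#[ \t]*@version[ \t]+(\S+)", re.MULTILINE)
LOCK = re.compile(r"^[ \t]*@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)", re.MULTILINE)
PINNED = re.compile(r"^={0,2}(\d+\.\d+\.\d+)$")  # exact pin, e.g. 0.2.15 or ==0.2.15


def triage(source):
    """Classify one Vyper source: 'affected', 'review' or 'not_affected'."""
    locks = sorted(set(LOCK.findall(source)))
    pragma = PRAGMA.search(source)
    spec = pragma.group(1) if pragma else None
    pinned = PINNED.match(spec) if spec else None
    if not locks:
        # Assumption: the bug is in the lock, so a contract without one is out of scope.
        status = "not_affected"
    elif pinned is None:
        # Missing or ranged pragma (e.g. ^0.3.0): the source cannot say which
        # compiler built the deployed bytecode, so check the build metadata.
        status = "review"
    elif pinned.group(1) in AFFECTED:
        status = "affected"
    else:
        status = "not_affected"
    return {"status": status, "version": spec, "locks": locks}


# Constructed sample sources (hypothetical contracts, not real pools).
SAMPLES = {
    "pinned_old.vy": "# @version 0.2.15\n@external\n@nonreentrant('lock')\ndef withdraw():\n    pass\n",
    "ranged.vy": "# @version ^0.3.0\n@external\n@nonreentrant(\"lock\")\ndef withdraw():\n    pass\n",
    "no_lock.vy": "# @version 0.3.0\n@external\ndef ping():\n    pass\n",
    "newer.vy": "# @version 0.3.7\n@external\n@nonreentrant('lock')\ndef withdraw():\n    pass\n",
}


def triage_all(samples=SAMPLES):
    return {name: triage(src)["status"] for name, src in samples.items()}


if __name__ == "__main__":
    for name, status in triage_all().items():
        print(f"{name}: {status}")
```

A source pragma only states what the author asked for; for deployed contracts, confirm the compiler version from the verified build metadata before ruling a pool out.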

Hackers in Action

Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other’s exploit attempts or efforts to recover funds.

Efforts to Recover Funds

One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30, they sent an on-chain message asking affected protocols to contact them to organize returning funds.

Returning Funds to Curve Finance

So far, the wallet has returned nearly 2,900 Ether (ETH), worth over $5 million, to Curve, according to one transaction.

Cold Wallet Creation

Another transaction saw c0ffebabe.eth move 1,000 ETH to what appears to be a newly-created wallet — likely the cold wallet that they mentioned earlier.