A hacker successfully exploited a vulnerability in the code of various liquidity pools of Curve Finance, a prominent decentralized finance (DeFi) platform, resulting in the theft of $24 million worth of tokens. The breach originated from a bug in Vyper, a programming language for smart contracts written in Python, which had not been previously identified and was only publicly disclosed the day before the attack.

The exploit affected certain outdated versions of Vyper, notably version v0.3.0 from October 2021. Discovering and exploiting this weakness likely took weeks or even months. The extensive resources invested suggest a coordinated effort, possibly by a small group or even state-funded hackers.

The loot from recent hacks has declined considerably compared to the height of the DeFi and NFT hype, when hackers managed to steal hundreds of millions, if not billions, of dollars. In the current climate, hackers need to work harder to siphon off sums that would have been considered substantial just two years ago.

Hackers are turning their attention to fresh and pristine sources to exploit: the focus appears to be shifting towards identifying zero-day vulnerabilities in compilers for smart contracts, such as Solidity and Vyper. This means that there could be numerous smart contracts compiled with older versions of Solidity that may still be vulnerable to zero-day exploits.

| Information | Details |
| --- | --- |
| Geography | Global |
| Countries | |
| Sentiment | negative |
| Relevance Score | 8 |
| People | Vyper Developer, Termed, Zero-Day Exploit, Vyper Developer, Anonymous Vyper Developer |
| Companies | Curve Finance, DeFi, Ethereum, Vyper, Solidity |
| Currencies | B,i,t,c,o,i |
| Securities | |