You can check the website statistics yourself or request them from us at [email protected]
On this platform, only organic high-quality traffic
Bitcoin
$ 30,725

Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability

Curio, a venture aimed at streamlining liquidity from tangible assets for businesses, has been impacted by a smart contract loophole linked to an issue with voting power privileges.

In response, Curio has announced plans to initiate a compensation program for affected liquidity providers. This process may extend over a period of up to one year before completion.

Curio Reports Smart Contract Exploit And Voting Vulnerability, Assures Users of Prompt Action and Security Measures

As per findings from the Web3 security firm Cyvers, the breach is believed to have stemmed from a flaw in the permissioned access logic. Exploiting this vulnerability enabled the attacker to generate an additional 1 billion CGT tokens, leading to the acquisition of CGT tokens valued at nearly $16 million.

Cyvers Alerts issued this notification subsequent to Curio’s March 23 warning to the community regarding a smart contract breach. Curio informed its community about the exploit via a post on X platform, affirming active measures to rectify the situation. The compromised component was identified as a MakerDAO-based smart contract integrated within Curio’s infrastructure.

The Curio Ecosystem team reassures users that only the smart contract associated with their Ethereum platform was impacted, affirming the security of all contracts on Polkadot and the Curio Chain.

In their statement, the team stated, “Unfortunately, the MakerDAO-based smart contracts utilized within our ecosystem were exploited on the Ethereum side. We are actively addressing the situation and will provide regular updates. Be assured that all contracts on the Polkadot side and the Curio Chain remain secure.”

On March 25, Curio issued a post-mortem report regarding the exploit and unveiled a compensation strategy for affected users. The report highlighted that the root cause was a flaw in the access control mechanism for voting power privileges.

The intruder acquired a portion of Curio Governance (CGT) tokens, allowing them to augment their voting authority within the project’s smart contract. Leveraging this increased voting power, the attacker executed a sequence of actions enabling them to perform unauthorized actions within the Curio DAO contract, ultimately resulting in the illicit creation of a substantial quantity of CGT tokens.

Curio Announces Recovery Plans and Compensation Program Following Exploit

In response to the exploit, Curio has unveiled plans to reward ethical hackers who assisted in recovering the lost funds. The team has announced that these hackers could potentially receive a reward equivalent to 10% of the funds reclaimed during the initial recovery phase.

Furthermore, Curio has pledged to return all funds affected by the attack to the impacted parties. To facilitate this, they have introduced a new token named CGT 2.0, which will be utilized to reimburse 100% of the funds for CGT holders.

Additionally, Curio has detailed a comprehensive compensation program for liquidity providers impacted by the exploit. This program will unfold across four successive stages, each spanning 90 days. Throughout each stage, affected parties will receive compensation in USDC or USDT, covering 25% of the losses incurred by the second token in the liquidity pools. This phased approach indicates that the complete compensation process may extend up to one year.

In February, losses stemming from hacks and scams decreased to approximately $67 million, marking a reduction of about half compared to January’s figures. Notably, all attack instances were linked to the decentralized finance (DeFi) sector, while centralized platforms remained unaffected.

The majority of losses in February were attributed to breaches of the gaming platform PlayDapp and the decentralized exchange FixedFloat, resulting in a combined loss of $58.45 million. Additionally, the cryptocurrency casino Duelbits reported a loss of $4.6 million due to a compromised private key.

Related Posts

Leave a Reply

Confirm now and stay with our news

What we write about

I want to save money. Will cryptocurrency work?

Cryptocurrency is essentially virtual money that operates in a decentralized manner, not through a bank but directly on multiple independent computers.

Every cryptocurrency has two main components: the units of digital exchange called “coins” and the network within which the exchange takes place. These units can be transferred between wallets and exchanged on exchanges. The networks in which these coins exist are called blockchains, which translates to “chains of blocks.”

Latest Articles

Coinbase Board Member Kathryn Haun to Step Down – What’s Going On?
21.04.2024By
Kenyan Volcano Turns on Lights in Rural Homes with Jack Dorsey’s Bitcoin Mining Support
21.04.2024By
Telegram to Introduce USDT Payments With Telegram Wallet and the Open Network
20.04.2024By

Latest news

Coinbase Board Member Kathryn Haun to Step Down – What’s Going On?
21.04.2024
Kenyan Volcano Turns on Lights in Rural Homes with Jack Dorsey’s Bitcoin Mining Support
21.04.2024
Telegram to Introduce USDT Payments With Telegram Wallet and the Open Network
20.04.2024
HashKey Exchange Suspends Binance Deposits and Withdrawals Citing Policy Adjustments
20.04.2024
Mango Markets Hacker Found Guilty, Faces 20 Years in Prison: Reuters
20.04.2024
Japan’s SBI Group Plans to Issue NFTs Built on XRP Ledger for World Expo 2025 in Osaka
20.04.2024
Ethereum Sees $365 Million in Revenue in Q1, Up by 155% YoY
20.04.2024
Anti-Bitcoin SEC Commissioner Caroline Crenshaw May Soon Lose Her Seat
20.04.2024
Is The Bull Market Over Before The Bitcoin Halving? Glassnode Report
20.04.2024
Escaped South Korean Criminal Suspect ‘Used Weapon to Rob OTC Crypto Buyer’
18.04.2024