You can check the website statistics yourself or request them from us at [email protected]
On this platform, only organic high-quality traffic
Bitcoin
$ 30,725

Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability

Curio, a venture aimed at streamlining liquidity from tangible assets for businesses, has been impacted by a smart contract loophole linked to an issue with voting power privileges.

In response, Curio has announced plans to initiate a compensation program for affected liquidity providers. This process may extend over a period of up to one year before completion.

Curio Reports Smart Contract Exploit And Voting Vulnerability, Assures Users of Prompt Action and Security Measures

As per findings from the Web3 security firm Cyvers, the breach is believed to have stemmed from a flaw in the permissioned access logic. Exploiting this vulnerability enabled the attacker to generate an additional 1 billion CGT tokens, leading to the acquisition of CGT tokens valued at nearly $16 million.

Cyvers Alerts issued this notification subsequent to Curio’s March 23 warning to the community regarding a smart contract breach. Curio informed its community about the exploit via a post on X platform, affirming active measures to rectify the situation. The compromised component was identified as a MakerDAO-based smart contract integrated within Curio’s infrastructure.

The Curio Ecosystem team reassures users that only the smart contract associated with their Ethereum platform was impacted, affirming the security of all contracts on Polkadot and the Curio Chain.

In their statement, the team stated, “Unfortunately, the MakerDAO-based smart contracts utilized within our ecosystem were exploited on the Ethereum side. We are actively addressing the situation and will provide regular updates. Be assured that all contracts on the Polkadot side and the Curio Chain remain secure.”

On March 25, Curio issued a post-mortem report regarding the exploit and unveiled a compensation strategy for affected users. The report highlighted that the root cause was a flaw in the access control mechanism for voting power privileges.

The intruder acquired a portion of Curio Governance (CGT) tokens, allowing them to augment their voting authority within the project’s smart contract. Leveraging this increased voting power, the attacker executed a sequence of actions enabling them to perform unauthorized actions within the Curio DAO contract, ultimately resulting in the illicit creation of a substantial quantity of CGT tokens.

Curio Announces Recovery Plans and Compensation Program Following Exploit

In response to the exploit, Curio has unveiled plans to reward ethical hackers who assisted in recovering the lost funds. The team has announced that these hackers could potentially receive a reward equivalent to 10% of the funds reclaimed during the initial recovery phase.

Furthermore, Curio has pledged to return all funds affected by the attack to the impacted parties. To facilitate this, they have introduced a new token named CGT 2.0, which will be utilized to reimburse 100% of the funds for CGT holders.

Additionally, Curio has detailed a comprehensive compensation program for liquidity providers impacted by the exploit. This program will unfold across four successive stages, each spanning 90 days. Throughout each stage, affected parties will receive compensation in USDC or USDT, covering 25% of the losses incurred by the second token in the liquidity pools. This phased approach indicates that the complete compensation process may extend up to one year.

In February, losses stemming from hacks and scams decreased to approximately $67 million, marking a reduction of about half compared to January’s figures. Notably, all attack instances were linked to the decentralized finance (DeFi) sector, while centralized platforms remained unaffected.

The majority of losses in February were attributed to breaches of the gaming platform PlayDapp and the decentralized exchange FixedFloat, resulting in a combined loss of $58.45 million. Additionally, the cryptocurrency casino Duelbits reported a loss of $4.6 million due to a compromised private key.

Related Posts

Leave a Reply

Confirm now and stay with our news

What we write about

I want to save money. Will cryptocurrency work?

Cryptocurrency is essentially virtual money that operates in a decentralized manner, not through a bank but directly on multiple independent computers.

Every cryptocurrency has two main components: the units of digital exchange called “coins” and the network within which the exchange takes place. These units can be transferred between wallets and exchanged on exchanges. The networks in which these coins exist are called blockchains, which translates to “chains of blocks.”

Latest Articles

S&P Global Ratings joins Singapore MAS’s Project Guardian
28.06.2024By
Boden Memecoin Crashes After US President Biden’s Poor Debate Performance
28.06.2024By
Steno Research Expects $15-20B Inflows into Ether Spot ETFs, Predicts $6,500 Price Target
28.06.2024By

Latest news

S&P Global Ratings joins Singapore MAS’s Project Guardian
28.06.2024
Boden Memecoin Crashes After US President Biden’s Poor Debate Performance
28.06.2024
Steno Research Expects $15-20B Inflows into Ether Spot ETFs, Predicts $6,500 Price Target
28.06.2024
Bitcoin Mining Firm CleanSpark Acquires GRIID in $155M Stock Deal
28.06.2024
Elastos Partners With BEVM to Launch Bitcoin P2P Loans, Targeting $1.3T in Dormant Value
28.06.2024
Coinbase Files Lawsuits Against SEC, FDIC Over FOIA Request
27.06.2024
UK Watchdog Boosts Crypto Division to 100 Staff Members
27.06.2024
Hong Kong Government Explores DeFi and Metaverse to Boost Fintech Dominance
27.06.2024
Spot Ether ETFs May Receive US Approval by July 4: Report
27.06.2024
Bitcoin ETFs See Inflows for Second Consecutive Day as BTC Holds Steady at $60K
27.06.2024