Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability
Hassan Shittu
Last updated:
March 26, 2024 10:26 EDT | 2 min read
Curio said it will conduct a fund compensation program for affected liquidity providers, which could potentially take up to one year to complete.
Curio Reports Smart Contract Exploit And Voting Vulnerability, Assures Users of Action and Security Measures
According to the Web3 security firm Cyvers, the hack most likely occurred due to a vulnerability in the permissioned access logic. This vulnerability allowed the attacker to create an additional 1 billion CGT tokens, which in turn resulted in the hacker obtaining CGT tokens worth almost $16 million.
The Cyvers s message comes after Curio warned the community about a smart contract exploit on March 23.
Curio notified its community of the exploit through a post on X and assured them that it is actively addressing the situation. It was revealed that a MakerDAO-based smart contract utilized within Curio was compromised.
They further assure users that only the smart contract on their Ethereum side was affected, and all contracts on Polkadot and the Curio Chain remained secure. The Curio Eco team said,
On March 25, Curio released a post-mortem report on the exploit and a compensation plan for affected users. The report outlined that the issue stemmed from a voting power privilege access control flaw.
The attacker gained access to a few Curio Governance (CGT) tokens, enabling them to increase their voting power within the project’s smart contract. With the elevated voting power, the attacker uted a series of steps that allowed them to perform arbitrary actions within the Curio DAO contract, ultimately leading to the unauthorized minting of a large quantity of CGT tokens.
Curio Announces Recovery Plans and Compensation Program Following Exploit
Following the exploit, Curio announced plans to reward white hat hackers who helped them recover the lost funds. The team stated that hackers could receive a reward equivalent to 10% of the funds recovered during the initial recovery phase.
The Curio team also stated that all funds affected by the attack would be returned to the affected parties. To facilitate this, the team announced the creation of a new token called CGT 2.0, which will be used to restore 100% of the funds for CGT holders.
Additionally, Curio outlined a fund compensation program for liquidity providers affected by the exploit. The compensation program will be conducted in four consecutive stages, each lasting 90 days
During each stage, compensation will be paid in USDC or USDT, amounting to 25% of the losses incurred by the second token in the liquidity pools. This staged approach suggests that total compensation may take up to one year to complete.
In February, losses due to hacks and scams decreased to around $67 million, approximately half the January figure. All attack vectors were related to the decentralized finance (DeFi) sector, while centralized platforms remained unaffected.
Most losses in February were attributed to hacks of the gaming platform PlayDapp and the decentralized exchange FixedFloat, which collectively lost $58.45 million. Additionally, cryptocurrency casino Duelbits suffered a loss of $4.6 million due to a compromised private key.
Follow Us on Google News