
BNB Smart Chain (BSC) Suffers $73K Exploit From Copycat Vyper Attacker - Crypto Economy

crypto-economy.com, 31 July 2023 05:18 UTC


After several stable pools on Curve Finance fell prey to a major exploit that drained a staggering $47 million due to a vulnerability in the programming language “Vyper”, the BNB Smart Chain (BSC) reportedly also suffered from similar copycat attacks.

On July 31, blockchain security firm BlockSec took to Twitter to reveal that the BNB Smart Chain (BSC) had suffered copycat attacks after similar attacks were carried out on a number of stable pools on Curve Finance (CRV), a decentralised finance (DeFi) protocol, due to a vulnerability in the Vyper programming language.

The sheet updated. Losses have already ~$41m! https://t.co/lCaS4uEPzm https://t.co/stQYNJFS7y pic.twitter.com/P7jG8NHnV4

— BlockSec (@BlockSecTeam) July 30, 2023

How did the BNB Smart Chain Attack Happen?

Following the exploits carried out on Ethereum, around $73,000 worth of cryptocurrencies had also been stolen on BSC across three exploits. According to BlockSec, the vulnerability stems from a malfunctioning reentrancy lock in Vyper versions 0.2.15, 0.2.16 and 0.3.0, which are used by a number of DeFi pools.

For the uninitiated, Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM). It has been designed to develop apps seamlessly on the Web 3 and facilitate a natural feel in smart contracts.

This comes hot on the heels of the July 30 exploits of several stable pools on Curve Finance using Vyper, with losses reaching over $47 million. According to experts, the primary reason for these attacks is that some versions of the Vyper compiler do not correctly implement the reentrancy guard, which prevents multiple functions from being executed at the same time by locking a contract.
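The guard described above can be modelled in a few lines of Python. This is an added example, not code from Vyper, Curve or the article. The `Pool` class, its function names and the sample balance are hypothetical, and modelling the fault as a lock kept per function rather than per contract is an assumption of this example; the article says only that the guard was not implemented correctly.

```python
import copy

class Reentered(Exception):
    """A guarded function was entered while the lock was already held."""

class Pool:
    """Toy pool, constructed for illustration; not Vyper, Curve or BSC code."""
    def __init__(self, shared_lock):
        # True : one lock per contract, the behaviour a reentrancy guard promises.
        # False: one lock per function, an assumed simplification of the fault.
        self.shared_lock = shared_lock
        self.held = set()
        self.balances = {"alice": 100}   # constructed sample deposit
        self.paid_out = 0

    def _guarded(self, name, body):
        slot = "lock" if self.shared_lock else name
        if slot in self.held:
            raise Reentered(name)
        self.held.add(slot)
        try:
            body()
        finally:
            self.held.discard(slot)

    def withdraw(self, user, on_receive):
        def body():
            self.paid_out += self.balances[user]
            on_receive(self)             # external call before the state update
            self.balances[user] = 0
        self._guarded("withdraw", body)

    def emergency_exit(self, user):
        def body():
            self.paid_out += self.balances[user]
            self.balances[user] = 0
        self._guarded("emergency_exit", body)

def run(shared_lock):
    """Withdraw once with a recipient that calls back into the pool."""
    pool = Pool(shared_lock)
    snapshot = copy.deepcopy(pool.__dict__)
    try:
        pool.withdraw("alice", lambda p: p.emergency_exit("alice"))
        return "completed", pool.paid_out
    except Reentered:
        pool.__dict__ = snapshot         # a failed transaction reverts all state
        return "reverted", pool.paid_out
```

With the contract-wide lock the nested call is rejected and the whole transaction reverts. With the per-function lock the same call sequence completes and pays out twice the deposited balance, which is why contracts relying on the guard should also update state before making external calls.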

Cyber Criminals Continue to Target DeFi

Reentrancy attacks can potentially drain all funds from a contract. This incident underscores the importance of robust security practices and constant vigilance in the DeFi community. Such exploits have plagued the DeFi industry for a long time, with criminals embezzling a whopping $480 million through smart contract DeFi hacks in the first half of 2023.

However, this is not the first time Binance Smart Chain fell victim to such an attack. On Oct 7, 2022, the cross-chain bridge which powers the Binance Coin (BNB) ecosystem was hacked. BNB Chain paused Binance Smart Chain (BSC) after determining a vulnerability had been exploited.

Nansen reported that the attacker had illegally issued 2 million BNB, worth approximately $566m, from the BSC: Token Hub address through two transactions of 1 million BNB each.

Our analysis shows that the @Rodeo_Finance hack (w/ ~$1.53M loss) is a so-called "ForceInvestment" hack: the Investor.earn() routine has a flaw that can be forced to swap $USDC -> $WETH -> $unshETH, but the slippage control cannot take effect as expected due to the flawed… pic.twitter.com/2j0bmQRe2r

— PeckShield Inc. (@peckshield) July 11, 2023

Recently, Rodeo Finance, an Arbitrum (ARB) based DeFi protocol, fell prey to an oracle manipulation attack that resulted in a loss of about 810 Ethereum (ETH), worth approximately $1.5 million. Furthermore, on July 10, Arcadia Finance, another DeFi platform, suffered an attack that resulted in the loss of approximately $455,000 across the Ethereum and Optimism networks.
