The Curio defi project suffered an attack, and Cyvers Alerts experts estimated the damage at $16 million.
According to analysts at Cyvers Alerts, the hack most likely occurred due to a vulnerability in the permissioned access logic, which allowed the attacker to create an additional 1 billion CGT tokens. As a result, the hacker took possession of CGT tokens worth almost $40 million.
Community Alert: We've just been notified of a smart contract exploit within our ecosystem. Unfortunately, MakerDAO’s based Smart contract used within our ecosystem were exploited on the Ethereum side. We're actively addressing the situation and will keep you updated. Rest…
— Curio Ecosystem | Tokenize The World (@curio_invest) March 23, 2024
The Cyvers Alerts message comes after Curio warned the community about a smart contract exploit.
According to Cyvers Alerts, the MakerDAO-based smart contract used in the ecosystem was used on the Ethereum side.
🚨ALERT🚨@curio_invest has experienced a $16M exploit involving a smart contract based on @MakerDAO within their ecosystem!
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 25, 2024
The exploit appears to stem from a permission access logic vulnerability. The attacker leveraged this vulnerability to mint an additional 1B $GCT.… https://t.co/xWvvYzrWaI pic.twitter.com/dvenfJHJFi
“Unfortunately, MakerDAO’s based Smart contract used within our ecosystem were exploited on the Ethereum side. We’re actively addressing the situation and will keep you updated. Rest assured, all Polkadot side and Curio Chain contracts remain secure.”
Curio Ecosystem team
In February, damage to the crypto industry from hacks and scams decreased to around $67 million, approximately half the January figure. All attack vectors were related to the defi sector during the reporting month, while centralized platforms did not record a notable incident.
In February, almost all losses occurred due to hacks of the gaming platform PlayDapp, which lost $32.35 million, and a decentralized exchange FixedFloat at $26.1 million. Cryptocurrency casino Duelbits lost $4.6 million in assets due to a private key being compromised.