Curve Finance has recently come under numerous attacks. Because of broken reentrancy locks in several versions of the Vyper programming language, multiple stablepools on Curve Finance were exploited on July 30. Curve Finance is estimated to have lost about $47 million. Other DeFi protocols that used the vulnerable versions of Vyper were also exploited, subjecting the DeFi ecosystem to a stress test.
Hacker's Plan
Some of the stolen assets were recovered and returned to Curve Finance the same day by an ethical hacker. A bot operator with the handle “c0ffeebabe.eth” used a front-running bot to beat a malicious hacker and secure about 3,000 ETH. The funds were subsequently sent back to the Curve deployer address, which appears to belong to the legal owner of the funds.
The MEV Bot
An MEV (Maximal Extractable Value) bot run by c0ffeebabe.eth foiled the hacker’s scheme. MEV bots search the blockchain for lucrative transactions and get their own transactions executed first by paying higher gas fees. After spotting the hacker’s activity, the MEV bot swiftly submitted the identical transaction with more gas, which let it obtain the 2800 ETH before the hacker could. Thankfully, the person operating the MEV bot is an ethical hacker, or white hat, and gave the money back to the original owner.
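The ordering effect described above, as an added example that is not part of the original article: a simplified block builder that sorts pending transactions by gas price, and a check that flags a copied transaction included ahead of the original. The addresses, calldata and gas prices are constructed, and pure gas-price ordering with byte-identical calldata is an assumption; real block building is more complex.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    sender: str
    to: str
    calldata: str
    gas_price_gwei: int


def order_block(mempool):
    """Simplified builder: highest gas price first, ties keep arrival order."""
    return sorted(mempool, key=lambda tx: -tx.gas_price_gwei)  # sorted() is stable


def find_front_runs(block):
    """Return (winner, loser) pairs: same target and calldata, different senders,
    where the transaction included first paid the higher gas price."""
    pairs = []
    first_seen = {}
    for tx in block:
        key = (tx.to.lower(), tx.calldata.lower())
        winner = first_seen.get(key)
        if winner is None:
            first_seen[key] = tx  # first transaction in the block making this call
        elif winner.sender != tx.sender and winner.gas_price_gwei > tx.gas_price_gwei:
            pairs.append((winner, tx))
    return pairs


# Constructed sample mempool, listed in arrival order (all values are made up).
MEMPOOL = [
    Tx("0xUSER1", "0xDEX", "0xa9059cbb01", 30),
    Tx("0xORIGINAL", "0xPOOL", "0xdeadbeef", 40),   # arrives first
    Tx("0xCOPIER", "0xPOOL", "0xdeadbeef", 400),    # same call, far more gas
    Tx("0xUSER2", "0xDEX", "0xa9059cbb02", 35),
]

if __name__ == "__main__":
    block = order_block(MEMPOOL)
    print("block order:", [tx.sender for tx in block])
    for winner, loser in find_front_runs(block):
        print(f"{winner.sender} ({winner.gas_price_gwei} gwei) executed ahead of "
              f"{loser.sender} ({loser.gas_price_gwei} gwei) with the same call")
```

Whichever copy executes first collects the funds, so the later copy finds nothing left to take.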
Fake Curve Finance Twitter Account
While the situation is chaotic, Twitter accounts pretending to be Curve Finance and hack victims are promoting a fraudulent reimbursement plan that targets those who have already lost money in the current attack. The official Curve Finance account has not announced any intention to issue refunds.
In the meantime, the Vyper vulnerability has led to copycat attacks on BNB Smart Chain. Data from blockchain security company BlockSec shows that almost $73,000 was taken across three vulnerabilities.
The Public Reaction
Reddit users started a discussion in r/CryptoCurrency, which already has 2,000 upvotes. Many don’t understand exactly how the bot works, while others try to break it down in detail. The attack seems to have attracted great interest from crypto investors and other market players.