BNB Smart Chain hit with copycat Vyper attack, $73K exploited

2



The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, following a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.

Amid the exploits carried out on Ethereum, Blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies on BSC across three exploits had also been stolen.

It comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million according to current BlockSec estimates.

The vulnerability was caused by a malfunctioning reentrancy lock on Vyper versions 0.2.15, 0.2.16 and 0.3.0, which is used by a number of DeFi pools.

The programming language is believed to be one of the most widely used for Web3 projects and was designed for Ethereum Virtual Machines (EVMs) and could affect other protocols that use the afflicted Vyper versions.

Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other’s exploit attempts or efforts to recover funds.

Related: Pond0X token launch snafu leads to millions of dollars in losses

One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30 they sent an on-chain message asking affected protocols to contact them to organize returning funds.

So far, the wallet has returned nearly 2,900 Ether (ETH) worth over $5 million to Curve according to one transaction.

Another transaction saw c0ffebabe.eth move 1,000 ETH to what appears to be a newly-created wallet — likely the cold wallet which they mentioned earlier.

Hall of Flame: Wolf Of All Streets worries about a world where Bitcoin hits $1M