Cryptonews DeFi News Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability

Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability

Hassan Shittu
Hassan Shittu
Last updated: | 2 min read
Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability

Curio, a project focused on facilitating liquidity from real-world assets for firms, has fallen victim to a smart contract exploit related to a vulnerability in voting power privileges.

Curio said it will conduct a fund compensation program for affected liquidity providers, which could potentially take up to one year to complete.

Curio Reports Smart Contract Exploit And Voting Vulnerability, Assures Users of Prompt Action and Security Measures

According to the Web3 security firm Cyvers, the hack most likely occurred due to a vulnerability in the permissioned access logic. This vulnerability allowed the attacker to create an additional 1 billion CGT tokens, which in turn resulted in the hacker obtaining CGT tokens worth almost $16 million.

The Cyvers Alerts message comes after Curio warned the community about a smart contract exploit on March 23.

Curio notified its community of the exploit through a post on X and assured them that it is actively addressing the situation. It was revealed that a MakerDAO-based smart contract utilized within Curio was compromised.

They further assure users that only the smart contract on their Ethereum side was affected, and all contracts on Polkadot and the Curio Chain remained secure. The Curio Ecosystem team said,

“Unfortunately, MakerDAO-based Smart contracts used within our ecosystem were exploited on the Ethereum side. We’re actively addressing the situation and will keep you updated. Rest assured, all Polkadot side and Curio Chain contracts remain secure.”

On March 25, Curio released a post-mortem report on the exploit and a compensation plan for affected users. The report outlined that the issue stemmed from a voting power privilege access control flaw.

The attacker gained access to a few Curio Governance (CGT) tokens, enabling them to increase their voting power within the project’s smart contract. With the elevated voting power, the attacker executed a series of steps that allowed them to perform arbitrary actions within the Curio DAO contract, ultimately leading to the unauthorized minting of a large quantity of CGT tokens.

Curio Announces Recovery Plans and Compensation Program Following Exploit

Following the exploit, Curio announced plans to reward white hat hackers who helped them recover the lost funds. The team stated that hackers could receive a reward equivalent to 10% of the funds recovered during the initial recovery phase.

The Curio team also stated that all funds affected by the attack would be returned to the affected parties. To facilitate this, the team announced the creation of a new token called CGT 2.0, which will be used to restore 100% of the funds for CGT holders.

Additionally, Curio outlined a fund compensation program for liquidity providers affected by the exploit. The compensation program will be conducted in four consecutive stages, each lasting 90 days. 

During each stage, compensation will be paid in USDC or USDT, amounting to 25% of the losses incurred by the second token in the liquidity pools. This staged approach suggests that total compensation may take up to one year to complete.

In February, losses due to hacks and scams decreased to around $67 million, approximately half the January figure. All attack vectors were related to the decentralized finance (DeFi) sector, while centralized platforms remained unaffected.

Most losses in February were attributed to hacks of the gaming platform PlayDapp and the decentralized exchange FixedFloat, which collectively lost $58.45 million. Additionally, cryptocurrency casino Duelbits suffered a loss of $4.6 million due to a compromised private key.

Crypto Exploit Curio Real World Assets

Most Popular

Altcoin News
Armenian Officials Trained on Essential Techniques and Tools for Effective Crypto-Crime Investigations
Blockchain News
Real-World Data Unlocks the True Value of Tokenization: Chainlink
Altcoin News
Stripe to Resume Crypto Payments, Starting with USDC Stablecoin on Numerous Blockchains
News
DCG Boosts Legal Arsenal with First Chief Hire During New York AG Dispute
Altcoin News
Pantera Capital Seeks to Raise $1 Billion for New Fund Offering Exposure to Crypto Assets
Bitcoin News
Bitcoin Price Prediction as ‘Bitcoin Halving’ Executes Successfully – Will a New Bull Market Start Now?

Latest news

Altcoin News
DTCC Declares No Collateral Value for Bitcoin-Linked ETFs, Impacting Loan Extensions
Altcoin News
Data Indicates Stablecoins Are Becoming A Global Asset Class
Bitcoin News
Bitcoin Price Chops Either Side of $64,000 Following Latest US Inflation Report – Here’s What You Need To Know
Blockchain News
CryptoQuant CEO Supports Crypto Mixing, Says It’s Not A Crime
Ethereum News
$510 Million in Ethereum Longs at Risk Amid Potential Weekend Volatility – Massive Price Swing Incoming?
Bitcoin News
Crypto Billionaire Arthur Hayes Predicts Bitcoin Bull Run to Return After $1.4 Trillion US Liquidity Spike
Blockchain News
Elizabeth Warren-Challenger John Deaton to File Brief in Support of Coinbase Appeal in SEC Case Today: Fox

Similar News