According to reports, the Vyper programming language flaw has led to copycat attacks on the BNB Smart Chain (BSC), similar to the one that affected the decentralized finance (DeFi) protocol Curve Finance.
On July 30, Blockchain security company BlockSec stated that three exploits had also been used to steal almost $73,000 worth of cryptocurrency from BSC, in addition to the Ethereum exploits.
According to recent BlockSec estimates, similar vulnerabilities aimed at Curve Finance’s liquidity pools have caused losses of more than $41 million.
Reentrancy locks on Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are employed by several DeFi pools, were found to be inoperable, which led to the vulnerability.
It is thought that one of the most popular programming languages is employed for Web3 applications. It was created specifically for the Ethereum Virtual Machine, but it may also have an impact on other protocols that make use of the vulnerable Vyper versions.
Since word of the attack spread, white hat and black hat hackers have been squabbling on-chain in an effort to thwart each other’s attempts to use the vulnerability or recoup funds.
One prospective whitehat, c0ffebabe.eth, appears to have been able to obtain some money for safekeeping. On July 30, they sent an on-chain message requesting that affected protocols contact them to arrange for the recovery of cash.
According to one transaction, the wallet has refunded roughly 2,900 Ether worth more than $5 million to Curve.
In another transaction, c0ffebabe.eth transferred 1,000 ETH to what looks to be a newly formed wallet – most likely the cold wallet discussed earlier.