Real World Asset (RWA) liquidity firm Curio fell victim to a smart contract attack involving a critical security vulnerability related to voting power privileges, which allowed the attacker to steal $16 million in crypto assets. Curio alerted its community about the attack and emphasized that it was addressing the situation. The company revealed that a MakerDAO-based smart contract used within Curio was breached.
The $16 Million Hack Attack
The company assured its users that the attack only affected the Ethereum side and that all Polkadot and Curio Chain contracts remained secure. Web3 security firm Cyvers estimates the losses from the attack to be around $16 million. The security firm stated that the attack involved a permission access logic security vulnerability.
On March 25th, Curio released a post-mortem of the attack and a compensation plan for affected users. The report highlighted that the issue was a flaw in the access control of voting power privileges. This allowed the attacker to acquire a small number of Curio Governance (CGT) tokens, gain access to the project’s smart contract, and increase voting power.
With the elevated voting power, the attacker was able to execute a series of actions that allowed the unauthorized minting of 1 billion CGT.
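The post-mortem describes the flaw only in general terms: a mis-scoped access check on voting power privileges let a holder of a small number of tokens escalate to a position from which minting was possible. The following Python model is an added illustration, not Curio's or MakerDAO's contract code. It assumes, hypothetically, that the function granting voting power checked only that the caller held some tokens, and it places that version beside a hardened one in which voting weight comes from a balance snapshot and minting happens only when a quorum-backed proposal is executed by the governance executor. All addresses, thresholds and amounts are constructed.

```python
"""Constructed model of a governance-gated mint: a mis-scoped privilege check
beside its hardened form. Illustrative code added to this article, not the
project's own; the specific flaw modelled is an assumption."""

from dataclasses import dataclass, field

GOVERNANCE_EXECUTOR = "executor"    # constructed: the timelock/executor account
MINT_POWER_THRESHOLD = 50_000_000   # constructed: votes a caller needs to mint
QUORUM_BPS = 5_000                  # constructed: quorum = 50% of snapshotted supply


class Unauthorized(Exception):
    pass


class VulnerableGovernance:
    """Voting power is a separately managed privilege, and the function that
    grants it only checks that the caller holds *any* tokens (assumed flaw)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.voting_power = {}
        self.total_supply = sum(self.balances.values())

    def set_voting_power(self, caller, account, votes):
        # FLAW (assumed): "is a token holder" is not "is governance".
        if self.balances.get(caller, 0) <= 0:
            raise Unauthorized("caller holds no tokens")
        self.voting_power[account] = votes

    def mint(self, caller, to, amount):
        if self.voting_power.get(caller, 0) < MINT_POWER_THRESHOLD:
            raise Unauthorized("insufficient voting power")
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount


@dataclass
class Proposal:
    to: str
    amount: int
    snapshot: dict                 # balances at proposal creation
    votes_for: int = 0
    voted: set = field(default_factory=set)
    executed: bool = False


class HardenedGovernance:
    """Voting weight is read from a balance snapshot, and minting only happens
    when the executor runs a proposal that reached quorum. No single caller
    can grant itself a privilege."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(self.balances.values())
        self.proposals = []

    def propose(self, to, amount):
        self.proposals.append(Proposal(to, amount, dict(self.balances)))
        return len(self.proposals) - 1

    def vote(self, voter, pid):
        p = self.proposals[pid]
        if voter in p.voted:
            raise Unauthorized("already voted")
        p.voted.add(voter)
        p.votes_for += p.snapshot.get(voter, 0)  # post-snapshot tokens carry no weight

    def execute(self, caller, pid):
        if caller != GOVERNANCE_EXECUTOR:
            raise Unauthorized("only the governance executor may execute")
        p = self.proposals[pid]
        quorum = sum(p.snapshot.values()) * QUORUM_BPS // 10_000
        if p.executed or p.votes_for < quorum:
            raise Unauthorized("proposal not executable")
        p.executed = True
        self.balances[p.to] = self.balances.get(p.to, 0) + p.amount
        self.total_supply += p.amount


START = {"treasury": 100_000_000, "holder": 1}   # constructed: one small holder


def small_holder_vulnerable():
    """A one-token holder grants itself voting power and mints 1 billion.
    Returns (minted, total_supply_after)."""
    c = VulnerableGovernance(START)
    try:
        c.set_voting_power("holder", "holder", MINT_POWER_THRESHOLD)
        c.mint("holder", "holder", 1_000_000_000)
        return True, c.total_supply
    except Unauthorized:
        return False, c.total_supply


def small_holder_hardened():
    """Same holder under the hardened rules: the proposal never reaches quorum."""
    c = HardenedGovernance(START)
    try:
        pid = c.propose("holder", 1_000_000_000)
        c.vote("holder", pid)
        c.execute(GOVERNANCE_EXECUTOR, pid)
        return True, c.total_supply
    except Unauthorized:
        return False, c.total_supply


def legitimate_mint_hardened():
    """A proposal backed by the majority holder still executes normally."""
    c = HardenedGovernance(START)
    pid = c.propose("rewards", 10_000_000)
    c.vote("treasury", pid)
    c.execute(GOVERNANCE_EXECUTOR, pid)
    return c.total_supply


if __name__ == "__main__":
    print("vulnerable:", small_holder_vulnerable())
    print("hardened:  ", small_holder_hardened())
    print("legit mint:", legitimate_mint_hardened())
```

The design point is that a mint authorisation should never rest on a privilege that any token holder can assign; tying weight to a snapshot and routing execution through a single governance executor removes the self-escalation path while leaving ordinary proposals working.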
Noteworthy Steps from the Curio Team
In the report, Curio stated that all funds affected by the attack would be refunded. The team announced the release of a new token called CGT 2.0. With the new token, the team promised to restore 100% of the funds for CGT holders. For liquidity providers, Curio said it would run a compensation fund program. The team explained that payments would be made in four stages, each lasting 90 days. While this schedule means full compensation could take up to a year, the team shared the following statement regarding the matter:
“The compensation program will consist of four consecutive stages, each lasting 90 days. In each stage, 25% of the losses incurred by the second token in the liquidity pools will be compensated in USDC/USDT parity.”
The company also said it would reward white-hat hackers who could help recover the lost funds. The team announced that hackers could receive a reward equivalent to 10% of the funds recovered in the first stage of recovery.