A coding flaw in the Vyper language has apparently led to attacks on the BNB Smart Chain (BSC), similar to the one that affected the decentralised finance (DeFi) protocol Curve Finance.
On July 30, blockchain security company BlockSec stated that, in addition to the Ethereum exploits, three exploits had been used to steal almost $73,000 worth of cryptocurrency from BSC.
According to recent BlockSec statistics, attacks exploiting similar vulnerabilities in Curve Finance’s liquidity pools have caused losses of more than $41 million.
The vulnerability stems from the reentrancy locks in Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are used by some DeFi pools.
Vyper is thought to be one of the most popular programming languages used for Web3 projects. It was created for the Ethereum Virtual Machine, but the flaw might also affect other protocols that make use of the vulnerable Vyper versions.
Since the discovery of the exploit, black hat and white hat hackers have been engaged in an on-chain battle to thwart each other’s efforts to exploit the vulnerability or recover lost funds.
“c0ffebabe.eth,” a possible white hat user, appeared to have been able to take some funds for safekeeping. On July 30, they sent an on-chain message asking affected protocols to get in touch in order to arrange for the return of funds.
According to one transaction, the wallet has returned roughly 2,900 Ether, worth more than $5 million, to Curve.
In a subsequent transaction, c0ffebabe.eth transferred 1,000 ETH to what appears to be a newly created wallet, which is probably the cold wallet they previously mentioned.