The loss of tens of millions of dollars has affected several crypto platforms.
Over the past weekend, several cryptocurrency platforms were subjected to a massive hack that resulted in the theft of millions of dollars. Hackers exploited a vulnerability in one of the most popular Web3 programming languages, Vyper, which is actively used to create smart contracts.
Vyper developers have warned about a potential vulnerability in versions 0.2.15, 0.2.16 and 0.3.0, due to which hackers manipulate smart contracts and translate them into a request for debiting funds from an account.
On Monday, decentralized finance (DeFi) platform Curve Finance reported a loss of $52 million in cryptocurrency due to a discovered vulnerability. Some white hat hackers have already been able to return some of the stolen funds, but the platform is actively trying to establish contact with the attackers, hoping to return the stolen cryptocurrency. Several ERC-20 tokens issued on Alchemix (alETH), Metronome Synth (smETH), and JPEG’d (pETH) were also compromised.
Due to the variety of damage estimates from various blockchain security companies, the exact loss remains unknown.
One of the developers of Vyper, known by the nickname "fubuloubu", stated that the hack was highly skilled and unexpected. According to the developer, in order to find and exploit this vulnerability, it took from several weeks to months. The break-in appears to have been well coordinated and possibly carried out by a small group. Given the amount of resources invested, there is reason to believe that government hackers may be involved in the case.