Curio Smart Contract Breach: Hacker Mints 1B Tokens in $16M Exploit, Compensation Program Initiated
Mar 26, 2024
In a recent incident, Curio, a real-world asset (RWA) liquidity firm, fell victim to a smart contract exploit resulting in the minting of 1 billion tokens and a loss of approximately $16 million in digital assets. The exploit, attributed to a critical vulnerability in voting power privileges, allowed a hacker to siphon off the funds. Curio promptly informed its community about the breach and assured users that only the Ethereum side of operations was affected, with its Polkadot and Curio Chain contracts remaining secure. Cyvers, a Web3 security firm, confirmed the exploit's nature as a "permission access logic vulnerability," estimating the losses. In response, Curio announced a compensation program for impacted liquidity providers, with the process expected to take up to one year for completion. Furthermore, the company released a post-mortem detailing the exploit and outlined steps to address the underlying issue in its access control mechanisms.
Previous
Next