Digital Intrigue: $16M Curio Smart Contract Breach Spurs 1B Token Inflation By Hacker

Curio, a company dealing with real-world assets and their liquidity, got hit by a cyber attack. This attack was because of a big problem with the computer code that handles voting power. This let the bad guy take $16 million worth of digital money.

Curio told its people about the problem and said they’re fixing it. They mentioned that a MakerDAO-based smart contract used in Curio got hacked.

However, the company told its users that the problem only hit Ethereum, and everything with Polkadot and Curio Chain was safe and sound.

Cyvers, a company that deals with Web3 security, reckons that the hack has caused losses of around $16 million. They said it happened due to a “permission access logic vulnerability.”

Source: Cyvers Alerts

On Mar 25, Curio released a report explaining what went wrong and how they plan to make it right for affected users. They said the issue was a mistake in how they controlled who could vote on things.

With this, the attacker got some Curio Governance (CGT) tokens, which let them access and increase their voting power in the project’s smart contract.

With more voting power, the attacker did several things that allowed them to do whatever they wanted in the Curio DAO contract. Because of this, they made 1 billion CGT without permission.

Curio Compensation Plan Unveiled

Curio’s report stated they would return all the money from the hack. They also mentioned they’re making a new token, CGT 2.0. With this token, they assured to return the full amount of all the funds to CGT holders.

Curio announced a plan to compensate those who provide liquidity. They mentioned the payment would be divided into four parts, each lasting 90 days. So, it might take around a year to get the whole payment.

“The plan to pay you back has four parts, each for 90 days. We’ll give you some money in USDC/USDT in each part. It will be 25% of what you lost with the other token in the pools.”

The company plans to reward good-guy hackers who can help recover the lost money. They mentioned that these hackers might get a reward worth 10% of the money recovered in the first phase of recovery.

Related Reading | Bitcoin Behemoth: The Fifth-Richest Whale Makes Waves With $6B Transaction

The author’s views are for reference only and shall not constitute any investment advice. Please ensure you fully understand and assess the products and associated risks before purchasing.

Comments (No)

Leave a Reply