BNB Smart Chain (BSC) Suffers from Copycat Attack

BNB Smart Chain (BSC) was recently hit by a copycat attack due to a vulnerability in the Vyper programming language, similar to the vulnerability faced by decentralized finance (DeFi) protocol Curve Finance.
Blockchain security firm BlockSec reported on July 30 that approximately $73,000 worth of cryptocurrency on BSC was stolen through three different vulnerabilities.
The exploitation of Curve Finance’s liquidity pool also resulted in significant losses, with losses exceeding $41 million, according to BlockSec estimates.
The root cause of the vulnerability was identified as a reentrancy lock glitch in Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are widely used by various DeFi mining pools.
Since Vyper is designed for the Ethereum Virtual Machine, other protocols using these versions may also be affected.
After news of the exploit broke, both white-hat and black-hat hackers engaged in on-chain activity in an attempt to block each other’s exploit attempts or recover funds.
An individual going by the name “c0ffebabe.eth” appears to have acted as a potential white hat and was given some of the funds for safekeeping.
On July 30, this individual published an on-chain message asking the affected protocols to contact them to arrange the return of funds.
To date, “c0ffebabe.eth” has returned nearly 2,900 Ether (ETH), equivalent to about $5 million, to Curve in a single transaction.
In another transaction, they transferred 1,000 ETH to a seemingly newly created wallet, most likely the cold wallet mentioned earlier for additional custody.
The situation has raised concerns about Vyper’s security and its impact on other Web3 projects.
Given the widespread adoption of this programming language, it is critical that developers and protocols remain vigilant to potential vulnerabilities and address them promptly to protect user funds.
In summary, the BNB Smart Chain faced a copycat attack due to a Vyper programming language vulnerability, similar to the one witnessed in the Curve Finance DeFi protocol.
The incident highlights the importance of strong security measures in the rapidly growing decentralized finance space and reminds project owners to prioritize the safety of user assets.