The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, following a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.
Amid the exploits carried out on Ethereum, Blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies on BSC across three exploits had also been stolen.
It comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million, according to current BlockSec estimates.
— BlockSec (@BlockSecTeam) July 30, 2023
The vulnerability was caused by a malfunctioning reentrancy lock on Vyper versions 0.2.15, 0.2.16 and 0.3.0, which is used by a number of DeFi pools.
The programming language is believed to be one of the most widely used for Web3 projects. It was designed for the Ethereum Virtual Machine and could affect other protocols that use the afflicted Vyper versions.
Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other’s exploit attempts or efforts to recover funds.
One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30 they sent an on-chain message asking affected protocols to contact them to organize returning funds.
— Addison (@0xaddi) July 30, 2023
So far, the wallet has returned nearly 2,900 Ether (ETH) worth over $5 million to Curve according to one transaction.
— KGJR (@KGJRTG) July 30, 2023
Another transaction saw c0ffebabe.eth move 1,000 ETH to what appears to be a newly-created wallet — likely the cold wallet that they mentioned earlier.