Table Of Contents [hide]
Curio Reports Smart Contract Exploit And Voting Vulnerability
Curio, a project focused on facilitating liquidity from real-world assets for firms, has fallen victim to a smart contract exploit related to a vulnerability in voting power privileges. Curio announced that it will conduct a fund compensation program for affected liquidity providers, which could potentially take up to one year to complete.
Details of the Exploit
According to the Web3 security firm Cyvers, the hack most likely occurred due to a vulnerability in the permissioned access logic. This vulnerability allowed the attacker to create an additional 1 billion CGT tokens, resulting in the hacker obtaining CGT tokens worth almost $16 million.
Response and Actions Taken
Curio notified its community of the exploit through a post and assured them that it is actively addressing the situation. They confirmed that only the smart contract on their Ethereum side was affected, while contracts on Polkadot and the Curio Chain remained secure.
Recovery Plans and Compensation Program
Curio announced plans to reward white hat hackers who helped recover the lost funds. They also introduced a new token, CGT 2.0, to restore 100% of the funds for CGT holders. Additionally, a fund compensation program for liquidity providers affected by the exploit was outlined, to be conducted in four stages over 90 days each.
February Losses Due to Hacks
In February, losses due to hacks and scams decreased to around $67 million, with most losses attributed to hacks in the decentralized finance (DeFi) sector. Centralized platforms remained unaffected, with notable losses from platforms such as PlayDapp, FixedFloat, and Duelbits.
