Millions of dollars worth of cryptocurrency were stolen from several platforms after hackers exploited a vulnerability in a programming language used widely in the cryptocurrency world (see about Biggest Decentralized Finance Hacks).
Vyper — one of the most popular Web3 programming languages — is used to create blockchain smart contracts, but on Saturday its developers warned that versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to an issue in which hackers manipulate smart contracts in order to drain account funds
The investigation is ongoing but any project relying on these versions should immediately reach out to us.
Decentralized Finance platform Curve Finance said in a post-mortem on Monday that at least $61 million worth of cryptocurrency was stolen from the platform through the vulnerability.
Some “white hat” hackers have been able to claw back a portion of the stolen funds, but the platform is attempting to reach out to the exploiters in an effort to get them to return the stolen crypto.
The Curve team will continue to explore all avenues for the recovery of user funds and updates on the situation will be made on the social channels.
Bloomberg reported that in addition to the funds stolen from the platform, $1.5 billion was also removed for safekeeping after Curve Finance tweeted that users should withdraw their funds.
In addition to Curve Finance, several other platforms — like Ellipsis, Alchemix, and MetronomeDAO — were affected by the incident.
Several blockchain security firms had differing estimates on the losses due to confusion about how much white hat hackers had been able to get back from the original hackers.