The Curve decentralized finance protocol drained by hackers

The equivalent of several tens of millions of dollars, between 52 and 62 million according to the latest counts: that is what the hackers who attacked the decentralized Curve Finance protocol on July 30th have just made off with. Meager consolation: an ethical hacker managed to regain control of part of the haul, namely 2,879 ethers, the equivalent of about $5.4 million.

According to initial investigations, the decentralized exchange was reportedly the victim of a vulnerability in Vyper, a programming language used on the Ethereum blockchain to write smart contracts. The flaw evidently allowed the attackers to empty several of Curve's liquidity reserves, held in the form of various crypto-assets.

Wider risks

As reported by the specialized media outlet Decrypt, this hack is giving the crypto ecosystem cold sweats, because the flaw could be exploited against other smart contracts outside the Curve platform that are also built with the affected versions of Vyper. It is a concern that the programming language's team is well aware of: in their terse tweet confirming the flaw, they called on the leaders of projects based on versions 0.2.15, 0.2.16 and 0.3.0 to contact them immediately.

One of Vyper's developers also noted that the attackers must have taken “a long time to identify” the vulnerability, meticulously combing through the depths of the code for “a few weeks to a few months”. “I think it is reasonable to suspect that state-sponsored hackers may be involved,” he adds.

Lazarus, usual suspect

A hypothesis that remains to be proven, but which is very credible. Take the example of the Estonian crypto platform CoinsPaid: the victim of a hack on July 22 that ended in the theft of $37 million, it named Lazarus, one of North Korea's most active hacker groups, as the main suspect. Lazarus was also already suspected by the company Elliptic in June of being behind the $100 million hack of Atomic Wallet.

Chainalysis, another firm specializing in tracking transactions on the blockchain, had also pointed out that hackers affiliated with North Korea had been involved in crypto hacks totaling the equivalent of $1.7 billion stolen in 2022. Crypto thefts are, in general, breaking records: Chainalysis estimated the amount of crypto stolen in 2022 at around $3.8 billion, against 3.3 billion in 2021 and only 500 million in 2020.

