Curve Finance impersonators on Twitter are also promoting a phony refund plan to hack victims.
A white hat hacker took 2,879 Ether, worth $5.4 million, from an exploiter and returned it to the decentralized finance (DeFi) protocol Curve Finance during the latest hack.
On July 30, multiple Curve Finance stablepools were exploited because of broken reentrancy locks in multiple versions of the Vyper programming language. Curve Finance lost over $47 million. DeFi protocols vulnerable to the Vyper flaw were exploited, stressing the DeFi ecosystem.
An ethical hacker returned some of the stolen assets to Curve Finance the same day. The maximal extractable value (MEV) bot operator “c0ffeebabe.eth” deployed a front-running bot to secure approximately 3,000 ETH from a malicious hacker. The funds were returned to the Curve deployer address, which appears to be the funds' lawful custodian.
Amid the commotion, Twitter accounts imitating Curve Finance and hack victims are advertising a phony refund plan for individuals who lost their funds. As of this writing, Curve Finance has not announced a refund.
Vyper-related copycat attacks have also hit BNB Smart Chain. BlockSec reported that three exploits took $73,000.
The U.S. Securities and Exchange Commission has enacted new cybersecurity incident regulations for public corporations. These organizations must report a “material” cyberattack four days later. The SEC said the rule will also require periodic reporting on cybersecurity risk management procedures.