Curio Loses $16 Million in Smart Contract Exploit; Announces Compensation Plan
Summary:
Curio, an RWA liquidity firm, experienced a smart contract exploit which resulted in the loss of $16 million in digital assets. The security breach, which occurred in a MakerDAO-based smart contract, granted the perpetrator unauthorized voting power, ultimately leading to the illicit minting of 1 billion Curio Governance (CGT) tokens. A compensation plan for affected users is in place, promising full reimbursement through a new token, CGT 2.0, and a staggered compensation program for liquidity providers. Ethical hackers aiding in fund recovery will be rewarded with 10% of the retrieved funds.
Curio, a firm that manages the liquidity of real-world assets (RWAs), has been a victim of a smart contract exploit causing a loss of $16 million in crypto assets. The company informed its user base of this security breach, emphasizing that measures are being taken to control the situation. This exploit happened due to the breach of a MakerDAO-based smart contract in use within the Curio platform. The company reassured its users that this security problem was specific to the Ethereum side of things and didn't affect their Polkadot and Curio Chain contracts, which remained secure. The damages from this security breach, according to Cyvers, a Web3 security firm, are likely to be in the vicinity of $16 million, and claim this breach resulted from a “permission access logic vulnerability”.
On 25th March, Curio provided details about the security mishap and the compensation planned for the affected users. The report emphasized that the breach was due to an issue present in the access control mechanism related to voting power privileges. Using this vulnerability, the attacker bought a minimal number of Curio Governance (CGT) tokens, enabling them to unlock privileged access to up their voting power in the project's smart contract. Armed with unwarranted voting power, the perpetrator executed a sequence of steps to execute arbitrary actions in the Curio DAO contract, ultimately leading to unauthorized printing of 1 billion CGT.
Curio's report assured that the users affected by the breach will be compensated in full. It plans to introduce a new digital token, CGT 2.0, promising to use it to repay 100% of the CGT holders' losses. Curio further stated a compensation program for liquidity providers, broken down into four segments scheduled over 90 days - translating to a full year to disperse the payments fully. They clarified: "The compensation scheme will span 4 constant stages, each continuing for 90 days. During each phase, compensation will be offered in USDC/USDT, accounting for 25% of the losses experienced by the second token in the liquidity pools."
Curio also plans to reward any ethical hackers who can assist in the recovery of the lost funds, offering them an incentive equivalent to 10% of the funds recovered in the first recovery phase.
Published At
3/26/2024 2:15:19 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.