Coinspeaker
BNB Chain Suffers Copycat Attacks Worth $73,000 of Crypto
In a recent development, BNB Smart Chain (BSC), a popular rival to the Ethereum (ETH) network has experienced a series of copycat attacks that resulted in the theft of approximately $73,000 worth of crypto.
It is worth mentioning that this incident was similar to the infamous attack that previously affected the Ethereum-based Decentralized Finance (DeFi) protocol Curve Finance.
Following the attacks, BlockSec, a blockchain security firm promptly initiated an investigation to ascertain the nature of the exploits. As highlighted on Twitter, their findings suggested that the attackers had employed sophisticated techniques to exploit the vulnerabilities in the Vyper programming language, catching the BSC community off guard.
The copycat attacks on the BSC were attributed to a malfunctioning reentrancy lock in certain versions of the Vyper programming language. This vulnerability affected Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are widely used by several DeFi pools on BSC.
A reentrancy lock is a critical security technique that prohibits recurrent calls to a contract’s functions. In a reentrancy attack, a hostile actor leverages this vulnerability to repeatedly call a contract’s function before the initial call completes, resulting in unintended consequences and potentially allowing unauthorized access to funds.
Vyper, a popular programming language, was created originally for the Ethereum Virtual Machine (EVM). Its goal was to give a more secure and user-friendly alternative to Solidity, another popular language for developing Ethereum smart contracts.
However, the recent vulnerability discovered in specific Vyper versions highlights that no programming language is immune to potential flaws. The impact of this vulnerability reaches beyond the BSC ecosystem. Since Vyper is used not only on BSC but also by various other protocols across different blockchain platforms.
BNB Chain Attacks: White Hat Hacker Springs into Action
White hat hackers are cybersecurity experts who use their skills for ethical purposes, seeking to identify and patch vulnerabilities in systems and networks. In response to the BSC exploit, these ethical hackers quickly mobilized to counter the attackers and protect users and DeFi protocols from further harm.
One white hat hacker in particular, operating under the alias “c0ffebabe.eth,” took significant action. Upon discovering the exploit, “c0ffebabe.eth” moved swiftly to secure some of the stolen funds for safekeeping, aiming to prevent black hat hackers from causing further damage.
On July 30, “c0ffebabe.eth” sent an on-chain message, urging the affected DeFi protocols to contact them for a coordinated effort to return the funds to their rightful owners. As a testament to the ethical hacker’s dedication, “c0ffebabe.eth” has successfully returned nearly 2,900 Ether (ETH) worth over $5 million to the DeFi protocol Curve.
To further ensure the funds’ safety, “c0ffebabe.eth” moved 1,000 ETH to a newly-created wallet, likely serving as a cold storage wallet. This strategic move aims to isolate the funds from potential black hat attacks, emphasizing the hacker’s commitment to safeguarding the recovered assets.
