Curio Ecosystem Breached: Hacker Mints 1 Billion CGT Tokens

The DeFi project Curio has fallen victim to an attack, with experts from Cyvers Alerts estimating the damage at $16 million. 

?ALERT?@curio_invest has experienced a $16M exploit involving a smart contract based on @MakerDAO within their ecosystem!

The exploit appears to stem from a permission access logic vulnerability. The attacker leveraged this vulnerability to mint an additional 1B $CGT.… https://t.co/xWvvYzrWaI pic.twitter.com/mdrKyV3t9U

— ? Cyvers Alerts ? (@CyversAlerts) March 25, 2024

The decentralized protocol is focused on providing Web3 investors in RWA with infrastructure services for liquidity attraction.

On Saturday, March 23, the Curio team alerted the community to an exploit of the MakerDAO smart contract used within their ecosystem. According to their statement, the incident occurred on the Ethereum side.

“This affected only a part of our ecosystem, highlighting the importance of multichain infrastructure. Please await the publication of the compensation plan,” the developers wrote.

According to Cyvers Alerts specialists, the attacker exploited a vulnerability in the permission access logic and minted 1 billion CGT governance tokens. At the time of writing, the hacker holds these assets, valued at $39.7 million, in their wallet.

In February, the damage to the crypto industry from hacks and scams decreased to approximately $67 million, with all 12 notable incidents linked to the DeFi sector, according to Immunefi.