The decentralized finance (DeFi) project Curio has fallen victim to a hacking attack, with preliminary estimates putting the damage at $16 million, according to experts from Cyvers.
🚨ALERT🚨@curio_invest has experienced a $16M exploit involving a smart contract based on @MakerDAO within their ecosystem!
The exploit appears to stem from a permission access logic vulnerability. The attacker leveraged this vulnerability to mint an additional 1B $CGT.… https://t.co/xWvvYzrWaI pic.twitter.com/mdrKyV3t9U
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 25, 2024
According to available information, the Curio project is focused on providing services to companies dealing with tokenized real-world assets (RWA).
On March 23rd, the protocol team warned of an exploit in the MakerDAO smart contract. Developers explained that the incident occurred on the Ethereum side.
Community Alert: We've just been notified of a smart contract exploit within our ecosystem. Unfortunately, MakerDAO’s based Smart contract used within our ecosystem were exploited on the Ethereum side. We're actively addressing the situation and will keep you updated. Rest…
— Curio Ecosystem | Tokenize The World (@curio_invest) March 23, 2024
“This only impacted a portion of our ecosystem which highlights the importance for a multi chain infrastructure,” stated the representatives of Curio.
According to Cyvers, the attacker exploited a vulnerability in the access control logic and issued an additional 1 billion CGT tokens. Their value is estimated at $39.7 million.
It’s worth noting that since the beginning of 2024, the amount of stolen funds in the crypto industry has exceeded $200 million, according to Immunefi. This represents a 15.4% increase compared to the same period in 2023.