BNB Smart Chain hit with copycat Vyper attack, $73K exploited

cointelegraph.com:

The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, following a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.

Amid the exploits carried out on Ethereum, Blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies on BSC across three exploits had also been stolen.

It comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million according to current BlockSec estimates.

The sheet updated. Losses have already ~$41m!https://t.co/lCaS4uEPzm https://t.co/stQYNJFS7y pic.twitter.com/P7jG8NHnV4

The vulnerability was caused by a malfunctioning reentrancy lock on Vyper versions 0.2.15, 0.2.16 and 0.3.0, which is used by a number of DeFi pools.

The programming language is believed to be one of the most widely used for Web3 projects and was designed for Ethereum Virtual Machines (EVMs) and could affect other protocols that use the afflicted Vyper versions.

Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other's exploit attempts or efforts to recover funds.

Related: Pond0X token launch snafu leads to millions of dollars in losses

One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30 they sent an on-chain message asking affected protocols to contact them to organize returning funds.

Excellent news!!! hopefully we can get it backhttps://t.co/sElKdYniT1 pic.twitter.com/AEldRorQaq

So far, the wallet has returned nearly 2,900 Ether (ETH) worth over $5 million to Curve according to one