Curve Finance Rewards Security Researcher $250,000 for Uncovering Critical Vulnerability
Popular decentralized finance (DeFi) protocol Curve Finance has awarded a security researcher $250,000 for discovering a major vulnerability of a kind that has historically enabled hackers to siphon off millions of dollars from cryptocurrency protocols.
The researcher, known as Marco Croc from Kupia Security, identified a reentrancy vulnerability in Curve Finance and elaborated on the bug's potential for manipulating balances and withdrawing funds from liquidity pools.
Acknowledging the severity of the vulnerability, Curve Finance performed a thorough investigation and as a result granted Marco Croc the maximum bug bounty award.
Curve Finance Incentivizes White Hat Hacking
Although the threat was categorised as "not as dangerous," the protocol said they recognized the potential panic that could have ensued had a security incident occurred.
With this reward, Curve Finance aims to incentivize responsible security research and strengthen its defenses against potential exploits.
This development comes in the wake of Curve Finance's recovery from a $62 million hack in July.
As part of the protocol's recovery efforts, it recently voted to reimburse $49.2 million worth of assets to liquidity providers (LPs).
The disbursement was approved by 94% of tokenholders, covering losses incurred in the Curve, JPEG'd (JPEG), Alchemix (ALCX), and Metronome (MET) pools.
Just wanted to emphasise the scale of this. Victims are made whole with this vote with:
– $7.2M worth of ETH recovered by whitehats to the DAO being distributed
– $42M worth of CRV compensating unrecovered parts (vested)
– Various whitehat-recovered funds distributed before vote https://t.co/qmcK9pmTe5
— Curve Finance (@CurveFinance) December 22, 2023
The repayment plan involves the use of Curve DAO (CRV) tokens from the community fund.
It also accounts for tokens recovered since the incident, resulting in a final distribution of 55,544,782.73 CRV.
The Ethereum (ETH) and CRV amounts to be recovered were calculated as 5,919.2226 ETH and 34,733,171.51 CRV, respectively.
The vulnerability exploited by the attacker targeted stable pools and affected specific versions of the Vyper programming language.
Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper were found to be vulnerable to reentrancy attacks, which the attacker leveraged to carry out unauthorized fund withdrawals.
April Records Lowest Crypto Hack Losses
The cryptocurrency industry experienced a significant decline in combined losses from hacks and scams in April.
The month saw the lowest combined losses from crypto-related hacks and scams since 2021, with roughly $25.7 million lost to exploits, hacks, and scams.
More specifically, only $25.7 million was lost in attacks during the month, marking the lowest amount since CertiK started tracking such data in 2021.
Flash loan attacks accounted for $129,000 in losses, with the largest incident causing $55,000 in damages.
This marked the lowest incidence of flash loan attacks since February 2022, and $4.3 million was lost to exit scams.
As reported, the first quarter of this year has seen $336 million lost to Web3 hackers and fraud, with almost half of the capital stolen in January alone.
However, the amount represents a 23% decrease compared with the first quarter of 2023.
It is worth noting that $73,885,000 has been recovered from stolen Web3 capital in 7 specific situations.
Source : cryptonews.com