Ward Analytics’ Post

Ward Analytics reposted this

Luis Parra

Making compliance attainable for everyone in Web3

No spring break for Curio… 😞

Curio got hit with a $16 million 💸 sneeze thanks to a leaky smart contract on #Ethereum 4 days ago. They rushed to say "it's just an Ethereum problem, folks," leaving Polkadot and Curio Chain out of the drama. The hacker didn't just play with governance toys; they went full Ocean's Eleven with token swaps and cross-chain shenanigans. They're still sitting on a mountain of 996 billion CGT (!), making it a pain to figure out how deep the hole goes.

But how did it happen?

> The CurioDAO Association revealed on March 23, 2024, that their voting protocol was compromised.

> Hacken, Blockchain Security Auditor detailed the breach, highlighting a critical misuse of the "cook" function within an attack contract that manipulated governance and triggered mass token minting through the "IDSChief" and "IDSPause" contracts.

> The attacker acquired a minimal amount of CGT tokens to gain elevated voting power and executed a delegate call to a malicious contract by locking these tokens and voting.

> This exploit wasn't just about creating new tokens and altering governance though; it involved intricate financial maneuvers, including token swaps and cross-chain transfers, aiming to disperse and conceal the origin of the fraudulently minted tokens.

> CurioDAO was quick on its feet, and released an exploit recovery strategy on March 25.

Follow me for updates! (investigation in comments)
