Attacker mints 1 billion CGT governance tokens in exploit within Curio ecosystem

Security • March 25, 2024, 8:00AM EDT
Published 1 minute earlier on
The Block

Quick Take

  • Curio experienced a $16 million exploit within its ecosystem that involves a MakerDAO-based smart contract.
  • The exploit seemingly stemmed from a permission access logic vulnerability that allowed an attacker to mint an additional 1 billion CGT tokens.

Curio, a project that aims to help firms unlock liquidity from their real-world assets, has experienced a $16 million exploit within its ecosystem.

The exploit seemingly stemmed from a permission access logic vulnerability that allowed an attacker to mint an additional 1 billion CGT tokens, according to web3 detection and prevention project Cyvers on X.

The attacker in question currently holds these CGT tokens, which are worth nearly $40 million, Cyvers Alerts noted.

The notification follows a post from the Curio Ecosystem account on X from Saturday that alerted the community to the smart-contract exploit.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

A MakerDAO-based smart contract used within the ecosystem was exploited on the Ethereum side, it explained. "We're actively addressing the situation and will keep you updated. Rest assured, all Polkadot side and Curio Chain contracts remain secure."

"This only impacted a portion of our ecosystem which highlights the importance for a multi chain infrastructure," the X account added. It said a recovery plan will be published shortly.


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Adam is the managing editor for Europe, the Middle East and Africa. He is based in central Europe and was a managing editor and podcast host at the crypto exchange OKX's former research arm, OKX Insights. Before that, he co-founded BeInCrypto.com, which he elevated into one of the leading crypto media brands at its peak as the editor-in-chief. Earlier, he served as the editor-in-chief at Bitcoinist.com. Before joining the blockchain and crypto industry, he worked for Looper.com, Grunge.com and SVG.com. He tweets via @XBT002 and can be emailed at [email protected].

Editor

To contact the editor of this story:
Tim Copeland at
[email protected]

More by Adam James