Attacker mints 1 billion CGT governance tokens in exploit within Curio ecosystem

Quick Take

  • Curio experienced a $16 million exploit within its ecosystem that involves a MakerDAO-based smart contract.
  • The exploit seemingly stemmed from a permission access logic vulnerability that allowed an attacker to mint an additional 1 billion CGT tokens.

Curio, a project that aims to help firms unlock liquidity from their real-world assets, has experienced a $16 million exploit within its ecosystem.

The exploit seemingly stemmed from a permission access logic vulnerability that allowed an attacker to mint an additional 1 billion CGT tokens, according to web3 detection and prevention project Cyvers on X.

The attacker in question currently holds these CGT tokens, which are worth nearly $40 million, Cyvers Alerts noted.

The notification follows a post from the Curio Ecosystem account on X from Saturday that alerted the community to the smart-contract exploit.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

A MakerDAO-based smart contract used within the ecosystem was exploited on the Ethereum side, it explained. "We're actively addressing the situation and will keep you updated. Rest assured, all Polkadot side and Curio Chain contracts remain secure."

"This only impacted a portion of our ecosystem which highlights the importance for a multi chain infrastructure," the X account added. It said a recovery plan will be published shortly.