The Curio team assured users that the exploit only affected the Ethereum side, and contracts based on Polkadot and Curio Chain remain safe. Curio discovered that the problem was in permission access control. The hacker purchased a small amount of Curio Governance tokens (CGT), which allowed him to gain access and upgrade his voting rights in the project’s smart contract. And ultimately create 1 billion CGT.
Web3 security company Cyvers calculatedthat the losses from the exploit amount to about $16 million. The Curio team promised to return all funds to affected users. For this purpose, new tokens called CGT 2.0 will be released.
As for liquidity providers, Curio has introduced a compensation program for them. Payments are promised in four stages, each of which will last 90 days. At each, compensation will be paid in stablecoins USDC and USDT in the amount of 25% of losses incurred in the liquidity pools. This means it may take a full year for full payments to be made. Curio management is ready to pay hackers a reward of 10% of the amount of funds returned for the return of stolen crypto assets.
Recently, the aggregator of decentralized exchanges ParaSwap suffered from a hacker attack. The attackers stole $24,000 worth of digital assets, and the project has already begun returning the stolen funds to users.