Curio Faces $16 Million Exploit, Commits to Compensation Plan

Curio grapples with a $16 million exploit stemming from a voting power vulnerability, prompting a compensation plan for affected users and a recovery initiative.

In a significant setback, Curio, a project dedicated to enabling liquidity from real-world assets, has suffered a severe exploit resulting in losses of $16 million. The exploit, linked to a vulnerability in the project's voting power mechanism, allowed hackers to generate an additional 1 billion CGT tokens, which translated into the substantial financial loss.

Addressing the issue promptly, Curio announced a compensation program aimed at mitigating the impact on affected liquidity providers. This program, expected to span over a year, reflects Curio's commitment to restoring trust and rectifying the consequences of the exploit.

Following the exploit, Curio engaged with Web3 security firm Cyvers to assess the breach. Cyvers’ analysis pointed to a loophole in the permissioned access logic as the root cause of the hack. This loophole enabled the attacker to manipulate the smart contracts, leading to the unauthorized creation of a significant volume of CGT tokens.

In response to the breach, Curio swiftly communicated with its community, informing them of the exploit and the ensuing actions being taken. Notably, only the Ethereum-based smart contracts were affected, with contracts on Polkadot and the Curio Chain remaining secure.

A detailed post-mortem report released by Curio shed light on the exploit's technical aspects, attributing it to a voting power privilege access control flaw. The attacker leveraged this flaw to gain undue access and execute unauthorized transactions within the Curio DAO contract.

In an effort to recover the lost funds and provide restitution to affected parties, Curio outlined a comprehensive recovery plan. This plan includes rewarding white hat hackers who assisted in recovering the funds and introducing a new token, CGT 2.0, to facilitate the return of funds to CGT holders.

Furthermore, Curio devised a staged compensation program for liquidity providers impacted by the exploit. Spread across four phases, each lasting 90 days, this program aims to reimburse 25% of the losses incurred by affected liquidity pools in USDC or USDT. However, given the staged approach, full compensation may take up to one year.

The incident underscores the persistent challenges faced by decentralized platforms in safeguarding against exploits and vulnerabilities. Despite concerted efforts to enhance security measures, the evolving nature of cyber threats necessitates ongoing vigilance and proactive measures to mitigate risks.

While the cryptocurrency sector continues to witness rapid growth and innovation, incidents like the Curio exploit underscore the importance of robust security protocols and community resilience in safeguarding against emerging threats.
