Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » News » DeFi Protocols Rocked by Latest Hacks Exploiting Vyper Language Vulnerabilities

DeFi Protocols Rocked by Latest Hacks Exploiting Vyper Language Vulnerabilities

by

Recent hacks on DeFi protocols BNB Smart Chain and Curve Finance expose a vulnerability in Vyper's programming language, leading to millions of dollars in losses.

DeFi Protocols Rocked by Latest Hacks Exploiting Vyper Language Vulnerabilities

Share this article

Hackers have zeroed in on a vulnerability in the Vyper programming language — a well-known tool widely used for developing Web3 projects that target the Ethereum Virtual Machine (EVM) — on two significant DeFi protocols: BNB Smart Chain and Curve Finance.

Vyper is known for its similarities to Python, making it a common starting point for Python developers venturing into DeFi. The attacks in question exploited a flaw in the reentrancy lock of Vyper versions 0.2.15, 0.2.16, and 0.3.0, leading to multiple breaches across different protocols.

The losses have been significant across several platforms. On the BNB Smart Chain (BSC), there was reportedly multiple attacks due to the reentrancy lock vulnerability found in specific versions of Vyper (0.2.15, 0.2.16, 0.3.0) reported on July 30. Blockchain security firm BlockSec reported that these attacks led to a theft of around $41 million worth of cryptocurrencies.

Curve Finance, a DeFi protocol, suffered even more on the same day. Several of its stable pools using the afflicted Vyper versions were exploited, with losses exceeding $47 million. A total of 32 million CRV tokens worth over $22 million were drained from the swap pool, as confirmed by Curve on Twitter.

The reentrancy lock is a critical component that should prevent multiple functions from being executed simultaneously. When correctly implemented, this guard would have thwarted the attackers. But in the case of the Vyper versions, the reentrancy guard was not implemented correctly, making a number of DeFi pools susceptible to attacks.

Several other DeFi projects have also reported losses, such as Ellipsis, which reported an unspecified amount in BNB stable pools.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.