Hack Track

CurioDAO is a multichain platform focused on real-world asset tokenization, enhancing liquidity through various mechanisms such as stablecoins, a launchpad, and Automated Market Makers.

The platform is governed by the Curio Governance Token (CGT), allowing holders to participate in decision-making processes related to the Curio Creator Protocol.

On the 23rd of March 2024, a vulnerability in the voting power privilege access control was exploited, leading to a significant security breach. The attacker gained access to Curio Governance (CGT) tokens, allowing them to increase their voting power within the project's smart contract. With this elevated voting power, the attackers were able to execute the unauthorized minting of a large quantity of CGT tokens. 

On October 25th, 2023, LastPass, a widely used password manager, fell victim to a security breach. The breach had significant ramifications, affecting approximately 25 users whose assets were distributed across 80 wallets. This breach resulted in a staggering loss of approximately $4.4 million in various cryptocurrencies. Among the affected blockchain networks were Bitcoin, Ethereum, Binance Smart Chain, Polygon, Solana, Cardano, Litecoin, Arbitrum, and Avalanche. 

On the 13th of August 2023, at around 10:30 pm UTC, Zunami Protocol suffered a price manipulation attack and lost approximately $2.1 million.

On August 7th, 2023, Steadefi, a sophisticated yield aggregator, fell victim to an assault that resulted in a substantial loss of over $1.14 million.

On the 30th of July, Curve Finance, a decentralized, Automated Market Maker (AMM), was hacked leading to a loss of ~ $45 million in CurveDAO, ETH, and wETH. The attackers exploited a malfunctioning reentrancy lock on different versions of the Vyper programming language (0.2.15, 0.2.16, and 0.3.0) across multiple stable-pools.