According to recent reports, the BNB Smart Chain (BSC) experienced copycat attacks that exploited a vulnerability in the Vyper programming language, similar to what happened to the decentralized finance (DeFi) protocol Curve Finance. In light of these exploits happening on Ethereum, BlockSec, a Blockchain security firm, revealed through a tweet on July 30 that approximately $73,000 worth of cryptocurrencies were stolen on the BSC due to three separate exploits.
These attacks on BSC happened alongside similar incidents that targeted liquidity pools on Curve Finance, resulting in losses estimated to exceed $41 million, as reported by BlockSec.
The vulnerability that led to the exploits on the BNB Smart Chain (BSC) was attributed to a malfunctioning reentrancy lock present in Vyper versions 0.2.15, 0.2.16, and 0.3.0. This issue affected several DeFi pools that utilized this particular programming language.
Vyper is considered to be one of the most extensively used languages for Web3 projects. Originally designed for the Ethereum Virtual Machine, its vulnerability could potentially impact other protocols that also rely on the affected versions of Vyper.
Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other’s exploit attempts or efforts to recover funds.