{"id":75159,"date":"2023-07-31T04:19:50","date_gmt":"2023-07-31T04:19:50","guid":{"rendered":"https:\/\/bitcoinwisdom.com\/?p=75159"},"modified":"2023-07-31T04:19:55","modified_gmt":"2023-07-31T04:19:55","slug":"curve-finance-liquidity-pools-exploited-47m-lost","status":"publish","type":"post","link":"https:\/\/bitcoinwisdom.com\/sv\/curve-finance-liquidity-pools-exploited-47m-lost\/","title":{"rendered":"Curve Finance Likviditetspooler utnyttjade, $47M f\u00f6rlorat"},"content":{"rendered":"<ul class=\"wp-block-list\">\n<li><strong>Likviditetspooler p\u00e5 Curve Finance utnyttjades och n\u00e4ra $47 miljoner tappades fr\u00e5n DeFi-protokollet.<\/strong><\/li>\n\n\n\n<li><strong>En s\u00e5rbarhet i versionerna 0.2.15, 0.2.16 och 0.3.0 av programmeringsspr\u00e5ket Vyper ledde till hacken.\u00a0<\/strong><\/li>\n\n\n\n<li><strong>Kryptob\u00f6rsen Binances BNB Smart Chain drabbades av ett liknande utnyttjande och angripare dr\u00e4nerade $73K.<\/strong><\/li>\n\n\n\n<li><strong>I augusti 2022 drabbades Curve Finance av en annan attack som ledde till en f\u00f6rlust p\u00e5 $570 000.<\/strong><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p>Den ledande plattformen f\u00f6r decentraliserad finans (DeFi) Curve Finance har utnyttjats, och enligt blockchain-s\u00e4kerhetsplattformen BlockSec har n\u00e4rmare $47 miljoner utnyttjats fr\u00e5n plattformen. En s\u00e5rbarhet i programmeringsspr\u00e5ket Vyper har n\u00e4mnts som orsaken till hacken. Intressant nog har kryptob\u00f6rsen Binances BNB Smart Chain ocks\u00e5 m\u00f6tt en liknande exploatering.<\/p>\n\n\n\n<p>Enligt Vyper \u00e4r versionerna 0.2.15, 0.2.16 och 0.3.0 av programmeringsspr\u00e5ket s\u00e5rbara f\u00f6r felaktiga \u00e5terintr\u00e4desl\u00e5s. Alla projekt som arbetar med detta programmeringsspr\u00e5k har uppmanats att vara f\u00f6rsiktiga och n\u00e5 ut till Vyper-teamet, inklusive Curve Finance.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">PSA: Vyper-versionerna 0.2.15, 0.2.16 och 0.3.0 \u00e4r s\u00e5rbara f\u00f6r felaktiga \u00e5terintr\u00e4desl\u00e5s. Utredningen p\u00e5g\u00e5r men alla projekt som f\u00f6rlitar sig p\u00e5 dessa versioner b\u00f6r omedelbart n\u00e5 ut till oss.<\/p>\u2014 Vyper (@vyperlang) <a href=\"https:\/\/twitter.com\/vyperlang\/status\/1685692973051498497?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">30 juli 2023<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>&quot;Utredningen p\u00e5g\u00e5r, men alla projekt som f\u00f6rlitar sig p\u00e5 dessa versioner b\u00f6r omedelbart n\u00e5 ut till oss,&quot; Vyper <a href=\"https:\/\/twitter.com\/vyperlang\/status\/1685692973051498497\" class=\"ek-link\" rel=\"nofollow noopener\" target=\"_blank\">uppgav<\/a> via sociala medieplattformen X (tidigare k\u00e4nd som Twitter). Dessutom, enligt analys av s\u00e4kerhetsf\u00f6retaget Ancilia, anv\u00e4nde 136 kontrakt Vyper 0.2.15 med skydd f\u00f6r \u00e5tertr\u00e4dande, 98 kontrakt anv\u00e4nde Vyper 0.2.16 och 226 kontrakt anv\u00e4nde Vyper 0.3.0.<\/p>\n\n\n\n<p>Dessutom bekr\u00e4ftade Curve Finance \u00e4ven utnyttjandet via sitt officiella X-konto, och uppgav att ett antal stablepools som anv\u00e4nder Vyper 0.2.15, inklusive alETH\/msETH\/pETHalETH\/msETH\/pETH har utnyttjats. Andra pooler, inklusive crvUSD-kontrakt och eventuella pooler med dem, \u00e4r <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1685701582883618816\" class=\"ek-link\" rel=\"nofollow noopener\" target=\"_blank\">inte p\u00e5verkas<\/a>.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Ett antal stablepools (alETH\/msETH\/pETH) som anv\u00e4nder Vyper 0.2.15 har utnyttjats som ett resultat av ett felaktigt \u00e5terintr\u00e4desl\u00e5s. Vi utv\u00e4rderar situationen och kommer att uppdatera samh\u00e4llet n\u00e4r saker och ting utvecklas.<br><br>Andra pooler \u00e4r s\u00e4kra. <a href=\"https:\/\/t.co\/eWy2d3cDDj\" rel=\"nofollow\">https:\/\/t.co\/eWy2d3cDDj<\/a><\/p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1685693202722848768?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">30 juli 2023<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Enligt den f\u00f6rsta analysen som gjordes av m\u00e5nga m\u00e4nniskor i kryptorymden, implementerar vissa versioner av Vyper-kompilatorn inte \u00e5terintr\u00e4desskyddet korrekt. Som ett resultat av detta fungerar inte funktionen som f\u00f6rhindrar att flera funktioner k\u00f6rs samtidigt genom att l\u00e5sa ett kontrakt. Dessutom kan \u00e5terintr\u00e4desattacker potentiellt t\u00f6mma alla medel fr\u00e5n ett kontrakt. Detta \u00e4r den grundl\u00e4ggande orsaken till exploateringen p\u00e5 Curve Finance.<\/p>\n\n\n\n<p>Tillsammans med Curve Finance drabbades Binances BNB Smart Chain ocks\u00e5 av ett utnyttjande, och angriparen gjorde undan med mer \u00e4n $73 000 i kryptovalutor. Attacker p\u00e5 Ethereum har redan passerat $41 miljoner.<\/p>\n\n\n\n<p>Intressant nog, redan i augusti 2022 drabbades Curve Finance av en annan attack som ledde till en f\u00f6rlust p\u00e5 $570,000. Binance hj\u00e4lpte dock DeFi-plattformen <a href=\"https:\/\/bitcoinwisdom.com\/sv\/binance-recovers-450k-of-the-curve-stolen-funds\/\" class=\"ek-link\">\u00e5terh\u00e4mta sig n\u00e4ra $450k<\/a> efter att hackaren f\u00f6rs\u00f6kte likvidera tillg\u00e5ngarna. Curve avsl\u00f6jade att problemet m\u00f6jligen kan ha varit ett resultat av ett hack p\u00e5 leverant\u00f6ren av dom\u00e4nnamnsservern (DNS) <a href=\"https:\/\/bitcoinwisdom.com\/sv\/curve-finance-addresses-issue-with-hacker-heres\/\" class=\"ek-link\">&#039;iwantmyname<\/a>.&#039;<\/p>","protected":false},"excerpt":{"rendered":"<p>Likviditetspooler p\u00e5 Curve Finance utnyttjades och n\u00e4ra $47 miljoner tappades fr\u00e5n DeFi-protokollet.<\/p>","protected":false},"author":21,"featured_media":75162,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","footnotes":""},"categories":[190,12],"tags":[135,1324],"class_list":["post-75159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain-news","category-news","tag-blockchain","tag-curve-finance"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance.jpg",1200,675,false],"thumbnail":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance-500x330.jpg",500,330,true],"medium":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance-300x169.jpg",300,169,true],"medium_large":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance-768x432.jpg",640,360,true],"large":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance-1024x576.jpg",640,360,true],"1536x1536":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance.jpg",1200,675,false],"2048x2048":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance.jpg",1200,675,false],"trp-custom-language-flag":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2023\/07\/Curve-Finance-18x10.jpg",18,10,true]},"uagb_author_info":{"display_name":"Parth Dubey","author_link":"https:\/\/bitcoinwisdom.com\/sv\/author\/parth\/"},"uagb_comment_info":0,"uagb_excerpt":"Liquidity pools on Curve Finance were exploited, and close to $47 million was drained from the DeFi protocol.","_links":{"self":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/posts\/75159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/comments?post=75159"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/posts\/75159\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/media\/75162"}],"wp:attachment":[{"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/media?parent=75159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/categories?post=75159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/sv\/wp-json\/wp\/v2\/tags?post=75159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}