In a startling turn of events, Curio, a liquidity provider for real-world assets (RWA), disclosed a smart contract exploit resulting in a loss of $16 million. The breach, which exploited a vulnerability in voting power privileges, has prompted the firm to unveil a comprehensive compensation program for affected liquidity providers.
The Exploit Unveiled
Curio’s community was alerted to a critical security breach involving a MakerDAO-based smart contract integral to its operations. An assailant exploited a “permission access logic vulnerability,” enabling them to abscond with $16 million in digital assets. This incident underscores the intricate challenges faced in securing blockchain-based financial systems.
Ensuring Security Across Platforms
While the Ethereum-based components of Curio’s operations were compromised, the firm was quick to assure stakeholders that its Polkadot and Curio Chain contracts remained unscathed, highlighting the multi-faceted approach to security in the blockchain space.
A Path to Remediation
Curio’s response to this crisis includes a detailed post-mortem and a four-stage fund compensation program, signaling a commitment to restoring confidence among its users. The proposed solution involves the introduction of CGT 2.0, a new token designed to fully compensate the holders of the original CGT tokens impacted by the exploit.
Compensation and Collaboration
The compensation strategy is spread over a year, with liquidity providers receiving 25% of their incurred losses in USDC/USDT at the end of each 90-day phase. Additionally, Curio is reaching out to the cybersecurity community, offering a bounty of 10% of the recovered funds to white hat hackers who assist in retrieving the stolen assets.