Learn how Grand Base was exploited, resulting in a loss of assets worth $2.5 million.
On April 15, 2024, Grand Base was exploited on the Base chain, which resulted in a loss of 808.57 ETH worth of assets, amounting to approximately $2.5 million.
Grand Base is a decentralized market for spot synthetic RWAs, designed to provide exposure to RWAs without holding the actual underlying asset.
The root cause of the exploit was the compromise of the private key of the project's deployer wallet.
Step 1:
Following the compromise of the deployer wallet, the attacker was able to mint and then sell a large quantity of GB tokens.
Step 2:
Some of the attack transactions executed by the attacker:
0xe8b0af9a2c7a3482958792d620328aa780097788fc18e1b7e1328a4a459132d0: mint 22,500,000 GB tokens
0x74237dfd7ac0e251311c71ff2c2536b146eeb68c465d47325bdd4517f34a7259: mint 10,000,000 GB tokens
Step 3:
The attacker performed over 600 swaps on Aerodrome to exchange the minted GB tokens for ETH.
Step 4:
After these swaps were completed, the ETH obtained on the Base chain was bridged to Ethereum Mainnet.
0x519acbeb333fd43dead8bc66faa4d419d310d6bf8011a056ce279d26845da70d: 30 ETH worth $92,207
0x66334af4901b7d4e5e536c17fee41431aee3bde03c6da823d4d9dd5adc43aa92: 61.3 ETH worth $188,410
Step 5:
The bridged ETH on Ethereum Mainnet was distributed to five different wallets and then parked in an EOA which, at the time of writing, holds 808.57 ETH, worth approximately $2.49 million.
0x13E1aEb0FC5Dbc5a2061874f1435Cfa314860F84: 319.42 ETH worth $985,451
0xC77C9450625444F371A7d49Def616bde7Cd58e6d: 191.25 ETH worth $590,044
0xf8f598d2480500De1BeDDD746E91F34021293467: 206.71 ETH worth $637,737
0xd8C21702B74d14b68f2580E28c10Ecc53304c274: 61.21 ETH worth $188,838
0xB124546F9f89F178a785D539d299E372B9dc1eC6: 29.95 ETH worth $92,416
The team took to X (formerly Twitter) to announce the incident roughly 6 hours after the initial community alert. They urged community members to stay away from the contract, as it is no longer safe.
According to the team, they are working with their partners to recover the stolen assets and freeze the hacker's address. They state that the GB token contract is no longer safe and that users should not swap or otherwise interact with it. The price of the GB token dropped by over 99%.
In light of the Grand Base exploit, several measures can be recommended to address the weaknesses exposed and to safeguard against future incidents. The several hours the team took to acknowledge the incident underscores the need for a more robust incident response protocol. Faster and more transparent communication is crucial to maintaining trust and giving users immediate steps to secure their assets.
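One defender-side control that follows from the minting steps above and from the six-hour acknowledgement gap is automated monitoring of privileged mints, so that an alert fires within blocks rather than hours. The Python script below is an added example, not code from the original post or from Grand Base: it replays an ERC-20 style Transfer event stream, treats transfers from the zero address as mints, tracks total supply, and alerts when a single mint or a short burst of mints is large relative to existing supply. The event records are constructed sample data; the two mint transaction hashes are the ones listed in the post, but the block numbers, addresses, initial supply and thresholds are assumed values.

```python
"""
Added example (not from the original post): flag anomalous mints in an ERC-20
style Transfer event stream. A mint is a Transfer whose `from` is the zero
address. All events below are constructed sample data: the two mint tx hashes
are the ones the post lists, but blocks, addresses and supply are assumed.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, Iterable, List, Tuple

ZERO_ADDRESS = "0x0000000000000000000000000000000000000000"


@dataclass(frozen=True)
class TransferEvent:
    tx_hash: str
    block: int
    sender: str      # the event's `from` field
    recipient: str   # the event's `to` field
    amount: int      # whole tokens for readability; real logs carry base units


@dataclass(frozen=True)
class Alert:
    tx_hash: str
    block: int
    minted: int
    supply_before: int
    reasons: Tuple[str, ...]


def detect_anomalous_mints(events: Iterable[TransferEvent], initial_supply: int,
                           max_single_mint_pct: float = 1.0,
                           window_blocks: int = 100,
                           max_window_mint_pct: float = 5.0) -> Tuple[List[Alert], int]:
    """Replay transfers in block order while tracking supply. Alert on a mint
    that exceeds `max_single_mint_pct` of the pre-mint supply, or on mints in
    the trailing `window_blocks` that together exceed `max_window_mint_pct` of
    the supply recorded when the window's oldest mint landed. Returns the
    alerts and the final supply."""
    supply = initial_supply
    recent: Deque[Tuple[int, int, int]] = deque()   # (block, minted, supply_before)
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.block):
        if ev.recipient == ZERO_ADDRESS and ev.sender != ZERO_ADDRESS:
            supply -= ev.amount            # burn: supply shrinks, nothing to flag
            continue
        if ev.sender != ZERO_ADDRESS:
            continue                       # ordinary transfer: supply unchanged
        minted = ev.amount
        reasons = []
        # Integer comparison avoids float rounding on the threshold check.
        if minted * 100 > max_single_mint_pct * supply:
            reasons.append("single mint above threshold")
        while recent and recent[0][0] < ev.block - window_blocks:
            recent.popleft()               # drop mints outside the window
        recent.append((ev.block, minted, supply))
        window_total = sum(m for _, m, _ in recent)
        window_base = recent[0][2]
        if window_total * 100 > max_window_mint_pct * window_base:
            reasons.append("mint burst within window above threshold")
        if reasons:
            alerts.append(Alert(ev.tx_hash, ev.block, minted, supply, tuple(reasons)))
        supply += minted
    return alerts, supply


# Constructed sample stream. Placeholder addresses stand in for real accounts.
INITIAL_SUPPLY = 50_000_000
DEPLOYER, ATTACKER, USER, POOL = "0xdeployer", "0xattacker", "0xuser", "0xdexpool"
SAMPLE_EVENTS = [
    TransferEvent("0xtx_normal_1", 100, DEPLOYER, USER, 1_000),          # routine transfer
    TransferEvent("0xtx_small_mint", 101, ZERO_ADDRESS, DEPLOYER, 100_000),  # 0.2% mint
    TransferEvent("0xe8b0af9a2c7a3482958792d620328aa780097788fc18e1b7e1328a4a459132d0",
                  150, ZERO_ADDRESS, ATTACKER, 22_500_000),               # hash from the post
    TransferEvent("0x74237dfd7ac0e251311c71ff2c2536b146eeb68c465d47325bdd4517f34a7259",
                  152, ZERO_ADDRESS, ATTACKER, 10_000_000),               # hash from the post
    TransferEvent("0xtx_swap_1", 160, ATTACKER, POOL, 5_000_000),         # sale into a pool
    TransferEvent("0xtx_burn_1", 170, USER, ZERO_ADDRESS, 500),           # burn
]

if __name__ == "__main__":
    found, final_supply = detect_anomalous_mints(SAMPLE_EVENTS, INITIAL_SUPPLY)
    for a in found:
        print(f"block {a.block} tx {a.tx_hash[:10]}... minted {a.minted:,} "
              f"against supply {a.supply_before:,}: {', '.join(a.reasons)}")
    print(f"final supply: {final_supply:,}")
```

The single-mint threshold catches the first large mint on its own; the window check is there for an attacker who splits the mint into many smaller transactions, each under the single-mint limit, which the burst total still exposes. In production the stream would come from a node or indexer subscription on the token's Transfer topic, and an alert would page the team and trigger any pause or freeze mechanism the contract provides.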
The lack of a public audit record or the associated contract details for the Grand Base project significantly contributed to the vulnerability of the platform. Conducting and publishing comprehensive security audits is essential to identify and mitigate security flaws before they can be exploited. These audits should be performed regularly by reputable third-party security firms, and the results should be made accessible to all users.
Another concerning aspect is the anonymity of the founding team, which has not been publicly disclosed. This lack of transparency can often be associated with fraudulent intentions, such as an exit scam, which appears to be a possibility in this case. Going forward, it would be beneficial for DeFi platforms to ensure that detailed information about the team's background and experience is available. This transparency helps in building credibility and trust with users and investors.
Users and investors should always exercise caution and perform due diligence before engaging with any platform, especially in the rapidly evolving and sometimes opaque fields of DeFi and Real World Assets (RWAs). The recent popularity of RWAs has attracted not only innovators but also malicious actors looking to exploit the enthusiasm and investment flowing into this space.
Even with strong security measures in place, completely eliminating the risk of exploitation remains a challenge. In these scenarios, partnering with Neptune Mutual is vital. By creating a dedicated cover pool with Neptune Mutual, the adverse effects of incidents like the Grand Base exploit can be substantially mitigated. Neptune Mutual specializes in coverage for losses caused by smart contract vulnerabilities, using parametric policies designed specifically for such risks. While we do not generally offer coverage for private key or wallet compromises, we are open to making exceptions in many cases.
Collaborating with Neptune Mutual simplifies the recovery process for users by reducing the necessity for detailed proof of loss documents. Once an incident is verified and resolved through our detailed incident resolution protocol, our focus immediately shifts to promptly compensating and supporting those impacted. This approach ensures rapid aid for users affected by security breaches.
Our coverage extends across various major blockchain platforms, such as Ethereum, Arbitrum, and the BNB chain, providing comprehensive support to a wide range of DeFi participants. This extensive coverage strengthens our ability to guard against numerous vulnerabilities, thereby increasing the overall security of our varied clientele.
Reference Source: CertiK