Log in/ Sign up

Weekend Exploit: Binance Smart Chain Hit by Copycat Attacks


The BNB Smart Chain (BSC), a prominent rival to the Ethereum (ETH) network, faced a series of copycat attacks resulting in a crypto theft of approximately $73,000.

The incident closely resembled the infamous attack that previously impacted the Ethereum-based DeFi protocol, Curve Finance.

Promptly, the blockchain security firm BlockSec launched an investigation to understand the nature of these exploits.

Their findings, shared on Twitter, revealed that the attackers utilized sophisticated techniques to exploit vulnerabilities in the Vyper programming language, leaving the BSC community surprised.

The copycat attacks were attributed to a malfunctioning reentrancy lock in specific versions of the Vyper programming language, including versions 0.2.15, 0.2.16, and 0.3.0, commonly used by several DeFi pools on BSC.

???... What's a Reentrancy Lock..?

Imagine you have a door with a lock, and only one person can enter the room at a time. However, this door has a tricky flaw: it allows someone to sneak back in while the door is still closing i.e. tailgating.

This could lead to unexpected situations, like someone grabbing something from the room after they were supposed to leave.

Now, let's apply this concept to a smart contract on the blockchain.

A reentrancy lock is a security feature that should prevent someone from repeatedly using the contract's functions before the previous use is fully completed.

However, in a reentrancy exploit, a clever attacker takes advantage of this flaw in the contract's code to keep going back into the contract before the original action is done.

Malicious actors exploit this vulnerability to repeatedly call a contract's function before the initial call is complete, leading to unintended consequences and potential unauthorized access to funds.


Originally created for the Ethereum Virtual Machine (EVM), Vyper aimed to provide a more secure and user-friendly alternative to Solidity for developing Ethereum smart contracts.

However, the recent vulnerability found in specific Vyper versions underscores that no programming language is entirely immune to potential flaws.

The impact of this vulnerability extends beyond the BSC ecosystem as Vyper is used across various blockchain platforms, including BSC

Add Comment
Load more comments