The Curio project encountered a $16 million exploit in its smart contract ecosystem that allowed an attacker to mine 1 billion CGT tokens.

A vulnerability in the permissions access logic was the root cause of the exploit. The attacker currently owns approximately $40 million worth of CGT tokens. The community was alerted to the exploit in a post on Saturday.

The MakerDAO-based smart contract used in the Curio ecosystem was used on the Ethereum side. The company is actively working to resolve the situation and promises to publish a recovery plan in the near future.

The importance of multi-chain infrastructure was highlighted as the exploit only affected part of the Curio ecosystem and contracts on the Polkadot and Curio Chain side remained safe.