Skip to main content
Sign in

Curio

avoid.net/curio10/100·100% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]
anchored·hjYonJ…eV3C

Summary

Curio (CurioDAO) is a multi-chain real-world asset (RWA) DeFi protocol that suffered a critical smart contract exploit on March 23, 2024, resulting in approximately $16 million in losses after an attacker exploited a voting-power privilege escalation vulnerability to mint approximately 1 billion unauthorized CGT governance tokens. The protocol had no known third-party security audits prior to the exploit and relied on internal reviews. Curio announced a recovery plan including a new CGT 2.0 token and a phased compensation program, though independent verification of full compensation delivery remains limited.

Connected Entities

1 entities
Organizations
Curio
Relationships
    Have evidence about Curio?

    Timeline(7 events)

    2024-03-23

    Exploit executed on Curio's Ethereum governance contract. Attacker acquires minimal CGT tokens, escalates voting privileges via IDSChief/IDSPause contracts, and mints approximately 1 billion unauthorized CGT tokens. Estimated loss: $16 million.

    2024-03-23

    CurioDAO Association publicly announces the exploit and halts emergency operations.

    2024-03-25

    Curio publishes official post-mortem identifying a permission access logic vulnerability in the MakerDAO-derived governance smart contract as the root cause.

    2024-03-25

    Multiple independent security firms (Hacken, Cyvers, Neptune Mutual, Halborn) publish technical analyses of the exploit, corroborating the attack vector.

    2024-03-25

    Curio announces recovery plan: CGT 2.0 token launch within 2 weeks, four-stage 90-day LP compensation in USDC/USDT, 10% treasury airdrop, and white hat bounty of 10% of recovered funds.

    2024-03-26

    Curio announces CGT 2.0 token publicly, pledging 100% restoration for pre-exploit CGT holders across all affected networks.

    2025-03-23

    Projected completion date of the four-stage, one-year compensation program. Independent verification of full delivery is not available in public sources.

    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:defillama

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/4/2026, 2:54:34 AM

    last updated: 5/19/2026, 8:13:17 PM

    avoid.net — verified advice for a post-truth world