Curio, a project that aims to help firms unlock liquidity from their real-world assets, has experienced a $16 million exploit within its ecosystem.

The exploit seemingly stemmed from a permission access logic vulnerability that allowed an attacker to mint an additional 1 billion CGT tokens, according to web3 detection and prevention project Cyvers on X.

The attacker in question currently holds these CGT tokens, which are worth nearly $40 million, Cyvers Alerts noted.

The notification follows a post from the Curio Ecosystem account on X from Saturday that alerted the community to the smart-contract exploit.

A MakerDAO-based smart contract used within the ecosystem was exploited on the Ethereum side, it explained. "We're actively addressing the situation and will keep you updated. Rest …