Automated market maker Curve Finance used Twitter on Tuesday to alert users of a danger on its platform. The protocol’s developers saw that the problem, which seemed to be a malicious actor’s attack, was affecting the service’s nameserver and frontend.
According to reports, the attacker intended to use the platform to steal money from unsuspecting users. Later, Curve revealed that its staff had identified and fixed the website’s problem. However, it asked users to revoke approvals for any contracts they had approved on Curve.
JUST IN: Curve Finance has been hacked with $573,000 stolen so far.
— Watcher.Guru (@WatcherGuru) August 9, 2022
According to on-chain data, the malicious contract has taken approximately $573,000 in USDC and DAI from eight different victims. The funds were instantly moved to the attacker’s wallet and exchanged for ETH tokens. The hacker sent funds to the cryptocurrency exchange FixedFloat, initially in batches of 45 ETH, then in sums ranging from 20 to 22 ETH.
Chronology of the hacker attack
1. Hackers stole around $570,000 from Curve Finance, a decentralized finance protocol.
2. While the attack was still active, Twitter user Samczsun suggested that the suspected attacker had most likely used DNS spoofing to exploit the service.
looks as usual to me? how can one tell it is compromised? pic.twitter.com/79205EZeZW
— La Tour (@LaTour85640275) August 9, 2022
3. Curve later confirmed the active exploit on Twitter.
Don't use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem
— Curve Finance (@CurveFinance) August 9, 2022
4. The Curve team speculated that the attacker cloned the Curve site, pointed the domain’s Domain Name System (DNS) records at the fake site, and then added approval requests for a malicious contract. It also said that, in contrast to curve.fi, curve.exchange seemed to be unaffected.
Although you need to proceed with caution, but https://t.co/6ZFhcToWoJ seems to be unaffected – uses a different DNS provider
— Curve Finance (@CurveFinance) August 9, 2022
5. Curve stated that the DNS server provider Iwantmyname was most likely compromised, and that it had changed its nameserver. A nameserver works much like a directory, converting domain names into IP addresses. While the hack was still active, Twitter user LefterisJP claimed that the suspected attacker had most likely used DNS spoofing to execute the exploit on the service.
Dear @iwantmyname, looks like something is compromised on your side (most likely, name servers – they seem to override what the UI tells them to serve). Please do something.
For everyone else: we switched nameserver, but don't rush to use https://t.co/vOeMYOTq0l – wait a bit
— Curve Finance (@CurveFinance) August 9, 2022
6. The team acted fast to resolve the issue. Following the initial warning, Curve said that it had found and resolved the issue, and recommended that users “immediately” revoke approvals for any contracts they had recently approved.
The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal
— Curve Finance (@CurveFinance) August 9, 2022
7. The Curve team confirmed on Twitter that the exploit had been fixed and asked Curve users to revoke any contract approvals they had granted on Curve in the previous few hours.
Updates should have propagated for https://t.co/vOeMYOTq0l everywhere by now, which means it should be safe to use
— Curve Finance (@CurveFinance) August 10, 2022
8. FixedFloat reported that funds worth 112 ETH (about $191,000) had been blocked in relation to the attack.
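Acting on the revoke advice in the chronology above means finding ERC-20 allowances that are still live for spenders you do not recognise. The following is an added example, not code from Curve or from the original article: it replays Approval event logs for one wallet and lists allowances still granted to spenders outside an allowlist. All addresses and log entries are constructed, and the function and variable names are hypothetical.

```python
# Added example. Every address and log entry is constructed, not taken from the incident.
# topic0 of the ERC-20 event Approval(address,address,uint256)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, trusted_spenders):
    """Live allowances from `owner` to spenders outside the allowlist.

    `logs` are dicts shaped like eth_getLogs results. Returns a sorted list of
    (token, spender, allowance) tuples that still need a revoke (approve to 0).
    """
    owner = owner.lower()
    trusted = {s.lower() for s in trusted_spenders}
    latest = {}  # (token, spender) -> allowance set by the most recent event
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return sorted((t, s, v) for (t, s), v in latest.items() if v > 0 and s not in trusted)

def _pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def _log(token, owner, spender, value, block, index=0, extra_topics=()):
    return {"address": token, "topics": [APPROVAL_TOPIC, _pad(owner), _pad(spender), *extra_topics],
            "data": hex(value), "blockNumber": hex(block), "logIndex": hex(index)}

OWNER, OTHER = "0x" + "a1" * 20, "0x" + "a2" * 20
TOKEN_A, TOKEN_B = "0x" + "c1" * 20, "0x" + "c2" * 20
KNOWN_POOL, UNKNOWN = "0x" + "11" * 20, "0x" + "bd" * 20
SAMPLE_LOGS = [  # deliberately out of order; the function sorts by block and log index
    _log(TOKEN_B, OWNER, UNKNOWN, 0, block=19),               # revoke of the block-18 grant
    _log(TOKEN_A, OWNER, KNOWN_POOL, MAX_UINT256, block=16),  # allowlisted spender
    _log(TOKEN_A, OWNER, UNKNOWN, MAX_UINT256, block=17),     # unlimited, never revoked
    _log(TOKEN_B, OWNER, UNKNOWN, 500, block=18),
    _log(TOKEN_A, OTHER, UNKNOWN, 7, block=18, index=1),      # different owner
    _log(TOKEN_A, OWNER, UNKNOWN, 0, block=20, extra_topics=(_pad(OWNER),)),  # NFT-style, ignored
]

if __name__ == "__main__":
    for token, spender, allowance in outstanding_approvals(SAMPLE_LOGS, OWNER, [KNOWN_POOL]):
        print(f"revoke: token={token} spender={spender} allowance={allowance:#x}")
```

Against a real wallet the log list would come from an `eth_getLogs` query filtered on this topic and the owner address, and the allowlist would hold the protocol contracts the user actually intends to use.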
About Curve Finance
Curve Finance is a DeFi system that offers “very efficient” stablecoin trading services with low slippage and fees. With approximately $6 billion in total value locked in, it is considered a pillar of the DeFi ecosystem.
Analysts noted in July that they were favorably evaluating Curve Finance, despite the market downturn that is currently affecting the larger DeFi sector. Delphi Digital researchers cited the platform’s yield potential, demand for Curve DAO Token (CRV) deposits, and the protocol’s income generation through stablecoin liquidity as reasons for their confidence.
This happened after the company published a brand-new “algorithm for exchanging volatile assets” in June. They promised low-slippage swaps between “volatile” assets. These pools combine a bonding curve method, formerly employed by well-known automated market makers like Uniswap, with internal oracles relying on exponential moving averages (EMAs).