DeFi liquidity pool giant Curve.Finance has suffered an exploit after malicious hackers attacked its front end, stealing cryptocurrency worth around $570,000.
- Paradigm security researcher “samczsun” alerted the community about Curve’s frontend compromise on Tuesday (August 9, 2022), warning people not to engage the protocol until further notice.
🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!
— samczsun (@samczsun) August 9, 2022
- The Curve.Finance team confirmed the report by issuing a warning minutes later, asking users not to use the curve.fi site, stating that its domain name system (DNS) was compromised and the protocol was conducting an investigation into the incident.
- According to Lefteris Karapetsas, founder of the open source portfolio tracker and accounting tool Rotki, hackers “cloned the site, made the DNS point to their IP where the cloned site is deployed, and added approval requests to a malicious contract.”
- Users who were unaware of the cloning and approved the contract saw their wallets drained.
- Meanwhile, on-chain sleuth “ZachXBT” reported that hackers stole around $570,000 worth of ETH. Cryptocurrency exchange Fixed Float revealed that it already froze 112 ETH ($188,502 at the time of writing) connected to the attack.
- While there was a problem with the curve.fi site, Curve stated that curve.exchange was unaffected, as it used a separate DNS provider. The protocol later said that the issue had been identified and resolved, and that all services should function properly.
“The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use curve.exchange for now until the propagation for curve.fi reverts to normal.”
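The cloned site worked by asking wallets to approve a malicious contract, and Curve's advice afterwards was to revoke such approvals. The following is an added example, not code from Curve or from the original article: it decodes a plain ERC-20 `approve(address,uint256)` request, flags spenders missing from a caller-supplied allowlist, and builds the matching revoke call. All addresses are constructed placeholders, and the allowlist is assumed to come from a source independent of the website.

```python
# Added example: inspect an ERC-20 approve() request before signing it.
# All addresses below are constructed placeholders, not real contracts.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

def _unhex(value):
    return bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)

def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, else None."""
    data = _unhex(calldata_hex)
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        return None
    if any(data[4:16]):  # a 20-byte address is left-padded with 12 zero bytes
        raise ValueError("malformed address argument")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def review_request(calldata_hex, known_spenders):
    """Warn about approvals to unknown spenders or for unlimited amounts."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return []  # not a plain approve(); other call types are out of scope
    spender, amount = decoded
    warnings = []
    # A zero amount is a revoke, so it is never flagged.
    if amount > 0 and spender not in {s.lower() for s in known_spenders}:
        warnings.append("spender %s is not on the allowlist" % spender)
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    return warnings

def build_revoke(spender):
    """Calldata for approve(spender, 0), which resets the allowance to zero."""
    raw = _unhex(spender)
    if len(raw) != 20:
        raise ValueError("spender must be a 20-byte address")
    return "0x" + (APPROVE_SELECTOR + raw.rjust(32, b"\x00") + bytes(32)).hex()

# Constructed sample data: an unlimited approval to an address not on the list.
KNOWN_SPENDER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "22" * 20
SAMPLE_REQUEST = "0x095ea7b3" + "00" * 12 + "22" * 20 + "ff" * 32

if __name__ == "__main__":
    for warning in review_request(SAMPLE_REQUEST, [KNOWN_SPENDER]):
        print("WARNING:", warning)
    print("revoke calldata:", build_revoke(UNKNOWN_SPENDER))
```

The revoke calldata is sent to the token contract whose allowance was granted, once per token and spender pair.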