Curve Finance suffers DNS hack: $570K stolen

DeFi suffers yet another hack...
Curve Finance suffers DNS hack $570K stolen

On Tuesday, DeFi protocol Curve Finance suffered a front-end exploit, with attackers managing to steal around $573,000. 

Paradigm researcher samczsun, first brought it to notice and warned users from using the protocol. Shortly after, Curve Finance tweeted that it’s investigating the issue. 

Hackers were able to hijack CurveFi’s DNS system and instate a replica website with a malicious contract on the homepage. Any interaction with the contract would immediately drain out the wallet. Unwitting users who fell prey to this lost all of their funds. Curve clarified that it’s other website curve.exchange used a different DNS server and remained unaffected. 

CurveFi, which uses automated matchmaking for trading stablecoins and other cryptocurrencies, urged the domain registrar iwantmyname.com to “please do something.”

According to on-chain data, the malicious contract drained over $573,000 in USDC and DAI from eight different wallets. The funds were then converted to ETH and transferred to crypto exchange FixedFloat in batches of 45 and 20-25 ETH. 

FixedFloat tweeted that it had frozen about 112 ETH or approx $191,000 of the transferred funds.

“We switched nameserver, but don’t rush to use http://curve.fi – wait a bit,” Curve tweeted. 

A few hours later, the decentralized exchange posted that the issue had been fixed and advised users to revoke any contract signed in the past few hours. 

This is the third high-profile case of the month following the Solana wallet exploit and the Nomad bridge hack, leading to the loss of millions worth of tokens. If anything, the crypto community – including the users and protocols – should be on its toes in an industry rife with relentless hacking incidents. 

Disclaimer
All articles published on Coinmash are strictly for informational purposes only. Coinmash has no involvement with any assets discussed and urges everyone to do their own research before making any financial decisions. Read our disclaimer to learn more.

Author

James Satoshi
James Satoshi
James is a leader in Web3, NFTs, & DeFi with over 4 years of experience in the industry. You'll spot him covering all topics through-out Coinmash in our guides and analysis sections.