On Tuesday, DeFi protocol Curve Finance suffered a front-end exploit, with attackers managing to steal around $573,000.
Paradigm researcher samczsun first drew attention to it and warned users against using the protocol. Shortly after, Curve Finance tweeted that it was investigating the issue.
Hackers were able to hijack CurveFi's DNS and put up a replica website with a malicious contract on the homepage. Any interaction with the contract would immediately drain the wallet. Unwitting users who fell prey to this lost all of their funds. Curve clarified that its other website, curve.exchange, used a different DNS server and remained unaffected.
CurveFi, which uses automated matchmaking for trading stablecoins and other cryptocurrencies, urged the domain registrar iwantmyname.com to “please do something.”
According to on-chain data, the malicious contract drained over $573,000 in USDC and DAI from eight different wallets. The funds were then converted to ETH and transferred to crypto exchange FixedFloat in batches of 45 and 20-25 ETH.
FixedFloat tweeted that it had frozen about 112 ETH, or approximately $191,000, of the transferred funds.
“We switched nameserver, but don’t rush to use http://curve.fi – wait a bit,” Curve tweeted.
A few hours later, the decentralized exchange posted that the issue had been fixed and advised users to revoke any contract signed in the past few hours.
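To act on the advice to revoke, a wallet owner first needs to know which grants are still open. The following is an added example, not code from Curve or from the article: it assumes the grants in question are ERC-20 token allowances recorded as `Approval` events, and that logs are supplied as `eth_getLogs`-style entries with block numbers already decoded to integers. All addresses and block numbers are constructed.

```python
# Added example: list ERC-20 allowances granted during an incident window
# that are still non-zero. All addresses and block numbers are constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def _addr(topic):
    """Address held in the low 20 bytes of a 32-byte indexed topic."""
    return "0x" + topic[-40:].lower()

def approvals_to_revoke(logs, owner, first_block, last_block):
    """Return (token, spender, value) for allowances the owner set inside
    [first_block, last_block] whose most recent Approval is non-zero."""
    owner, latest, in_window = owner.lower(), {}, set()
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or _addr(t[1]) != owner:
            continue
        key = (log["address"].lower(), _addr(t[2]))
        latest[key] = int(log["data"], 16)   # later events overwrite earlier
        if first_block <= log["blockNumber"] <= last_block:
            in_window.add(key)
    return sorted(k + (latest[k],) for k in in_window if latest[k] > 0)

def _log(block, idx, token, owner, spender, value, extra=()):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra],
            "data": hex(value)}

ME, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "ab" * 20
KNOWN, UNKNOWN = "0x" + "cc" * 20, "0x" + "dd" * 20
SAMPLE_LOGS = [
    _log(100, 0, TOKEN_A, ME, KNOWN, UNLIMITED),      # before the window
    _log(205, 3, TOKEN_A, ME, UNKNOWN, UNLIMITED),    # in window, still open
    _log(206, 1, TOKEN_A, OTHER, UNKNOWN, UNLIMITED), # someone else's wallet
    _log(210, 0, TOKEN_B, ME, UNKNOWN, 500),          # in window ...
    _log(300, 2, TOKEN_B, ME, UNKNOWN, 0),            # ... revoked later
    _log(207, 0, TOKEN_A, ME, UNKNOWN, 0, extra=["0x" + "00" * 31 + "07"]),  # NFT-style
]

if __name__ == "__main__":
    for token, spender, value in approvals_to_revoke(SAMPLE_LOGS, ME, 200, 250):
        print(token, spender, "unlimited" if value == UNLIMITED else value)
```

The value in an `Approval` event is what was granted, not what remains after spending, so confirm each flagged pair with the token's `allowance()` call before and after revoking.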
This is the third high-profile case of the month following the Solana wallet exploit and the Nomad bridge hack, leading to the loss of millions worth of tokens. If anything, the crypto community – including the users and protocols – should be on its toes in an industry rife with relentless hacking incidents.