Curve Finance Finds and Resolves Site Exploit

  • The DeFi platform told its users it had “found and reverted” a frontend exploit only an hour after it was first reported.
  • The attacker apparently used a DNS spoofing attack: he cloned curve.fi’s website and redirected the domain’s DNS records to his own IP address.

Major decentralized finance (DeFi) protocol Curve Finance discovered and resolved an apparent attack from a malicious actor on Tuesday, the platform said via Twitter on 9 August.

The issue was first reported by a Paradigm researcher, who discovered that the curve.fi website was compromised, most likely on the frontend. Curve quickly launched an investigation and found a problem with curve.fi’s Domain Name System (DNS). It advised users to use curve.exchange instead, as that domain uses a different DNS provider and appeared to be unaffected by the attacker.

An hour after the initial warning, the DeFi platform’s team said it had discovered and fixed the issue, noting that users had to immediately revoke any contracts they had approved on Curve in “the past few hours”. Curve explained that most likely its DNS server provider, Iwantmyname, was hacked, adding that it had already changed its nameserver. Curve tweeted:

The hacker apparently used a DNS spoofing attack: he cloned curve.fi, redirected the domain’s DNS records to his own IP address, and added an approval request to a malicious contract to steal users’ funds. While there is no official statement on whether the attacker was able to steal any funds, some users have reported that he took approximately $570,000 from Curve users.
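
The advice to revoke approvals granted in “the past few hours” can be checked against a wallet's own ERC-20 Approval logs. The Python below is an added example, not code from the article or from Curve: it replays Approval events and lists allowances that are still non-zero, were granted inside the incident window, and go to a spender the user does not recognise. It assumes simplified log records (integer block numbers, with a block timestamp already joined in) and a hypothetical user-maintained allowlist; every address and time is a constructed placeholder.

```python
# keccak256("Approval(address,address,uint256)"): topic0 of every ERC-20 Approval log
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def approvals_to_revoke(logs, owner, known_spenders, since):
    """Live allowances `owner` granted at/after `since` to spenders not in the allowlist."""
    latest = {}  # (token, spender) -> (allowance, timestamp); a later log replaces an earlier one
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0] != APPROVAL_TOPIC or addr(t[1]) != owner.lower():
            continue  # other event, other wallet, or ERC-721 Approval (4 topics)
        latest[(log["address"].lower(), addr(t[2]))] = (int(log["data"], 16), log["timestamp"])
    known = {s.lower() for s in known_spenders}
    return sorted((token, spender, amount)
                  for (token, spender), (amount, ts) in latest.items()
                  if amount > 0 and ts >= since and spender not in known)

# --- Constructed sample data: every address and timestamp below is a placeholder ---
WALLET, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
TRUSTED, UNKNOWN = "0x" + "cc" * 20, "0x" + "ee" * 20  # TRUSTED: hypothetical allowlisted spender
MAX = 2**256 - 1            # "unlimited" allowance, as many frontends request
INCIDENT_START = 1_000_000  # constructed Unix time marking the start of the risky window

def mk(block, idx, ts, token, owner, spender, value):
    """Build one simplified log record (assumed shape, not a raw eth_getLogs reply)."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": idx, "timestamp": ts,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [  # deliberately out of order: replay must sort by block and log index
    mk(210, 0, INCIDENT_START + 900, TOKEN_B, WALLET, UNKNOWN, 0),    # revocation of the 500
    mk(100, 0, INCIDENT_START - 86_400, TOKEN_A, WALLET, TRUSTED, MAX),  # old, allowlisted
    mk(200, 3, INCIDENT_START + 600, TOKEN_A, WALLET, UNKNOWN, MAX),  # in window, unknown spender
    mk(201, 1, INCIDENT_START + 700, TOKEN_B, WALLET, UNKNOWN, 500),  # in window, later revoked
    mk(205, 2, INCIDENT_START + 800, TOKEN_A, OTHER, UNKNOWN, MAX),   # someone else's wallet
]

if __name__ == "__main__":
    for token, spender, amount in approvals_to_revoke(SAMPLE_LOGS, WALLET, [TRUSTED], INCIDENT_START):
        label = "unlimited" if amount == MAX else str(amount)
        print(f"revoke: token {token} -> spender {spender} ({label})")
```

Only the unlimited TOKEN_A allowance to the unrecognised spender is reported; the TOKEN_B allowance drops out because a later log sets it back to zero.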
