- Approximately $570,000 was drained from users.
- Hacker used a Domain Name Service spoofing hack, cloned the site, and redirected the DNS point to their IP address.
Decentralized trading platform Curve Finance confirmed that its website had resolved the frontend attack on Tuesday. “Updates should have propagated for http://curve.fi everywhere by now, which means it should be safe to use,” Curve Finance tweet reads.
The hack was first discovered by crypto Twitter users who started sharing a screenshot of the protocol’s wallet on late Tuesday.
The Curve team soon confirmed the frontend attack urging people to revoke contract approvals on its platform. “We are becoming aware of a potential front-end issue approving a bad contract. For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, please do not use Curve.fi or curve. Exchange”, Curve Finance statement reads.
The hacker reportedly used a Domain Name Service spoofing hack, cloned the site, and later redirected the DNS point to their IP address. Later, they added approval requests to a malicious contract to drain the funds.
According to blockchain analyst, Zachxbt, approximately $570,000 was drained. The hacker also tried moving funds through FixedFloat, a fully automatic crypto exchange on the Bitcoin Lightning Network. FixedFloat froze 112 ETH, around $191,088, of the stolen funds to save user funds.
“Our security department has frozen part of the funds in the amount of 112 ETH. In order for our security department to be able to sort out what happened as soon as possible, please email us: [email protected],” FixedFloat tweeted.
Launched in 2020, Curve Finance is a decentralized exchange and automated market maker(AMM) for crypto. By focusing on stablecoins alone, the firm eliminates most of the volatility risk associated with crypto trading. Compared to other AMM platforms, the Curve model is particularly conservative in that it avoids volatility and speculation in favor of stability.
Recently, the digital asset market is increasingly subjected to hacks and scams. According to US-based cyber security firm CertiK in the first half of 2022 alone, more than $2 billion has been lost to crypto hacks and breaches. Last week, nearly 8,000 Solana wallets were drained of SOL and other cryptocurrencies, resulting in an $8 million loss for users.