Curve Finance Exploit: Experts Break Down What Went Wrong

The attackers who hacked the Curve Finance landing page acted quickly to convert the stolen funds into various tokens through different exchanges, wallets and mixers.

Decentralized finance (DeFi) protocols continue to be targeted by hackers, with Curve Finance becoming the latest platform to be compromised after a DNS hijacking incident.

The automated market maker warned users on August 9 not to use the front-end of its website, after a number of members of the wider cryptocurrency community reported the incident online.

Although the exact attack mechanism is still under investigation, the consensus is that the attackers cloned the Curve Finance website and redirected the domain's DNS to the fake page. Users who attempted to use the platform then saw their funds drained to a pool managed by the attackers.

Curve Finance remedied the situation in due time, but the attackers still siphoned off what was initially estimated to be $537,000 in USD Coin (USDC) in the time it took to restore the hacked domain. The platform believes its DNS server provider, Iwantmyname, was hacked, allowing the subsequent events to unfold.

Cointelegraph reached out to blockchain analytics firm Elliptic to dissect how attackers managed to dupe unsuspecting Curve users. The team confirmed that a hacker had compromised Curve's DNS, which resulted in malicious transactions being signed.
