Curve Finance fixes site exploit and asks users to revoke any recent contracts

A front-end exploit appears to have stolen over $573,000, according to users.


On Tuesday, automated market maker Curve Finance took to Twitter to warn users of an exploit on its site. The team behind the protocol noted that the issue, which appeared to be an attack by a malicious actor, affected the service's name server and interface.

Do not use the site https://t.co/vOeMYOTq0l - the name server is compromised. The investigation is ongoing: it is likely that the SN itself has a problem

— Curve Finance (@CurveFinance) August 9, 2022

Curve said via Twitter that its exchange — which is a separate product — appeared unaffected by the attack because it uses a different domain name system (DNS) provider.

The team resolved the issue quickly. An hour after the initial warning, Curve said it had found and fixed the issue, and asked users who had approved contracts on Curve in the past few hours to revoke them "immediately".

The problem has been found and solved. If you have approved contracts on Curve in the past few hours, please revoke them immediately. Please use https://t.co/6ZFhcToWoJ for now until the spread of https://t.co/vOeMYOTq0l returns to normal

— Curve Finance (@CurveFinance) August 9, 2022
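To make the revocation advice above concrete, here is an added example (not code from Curve or from the original article) that triages a wallet's approval history and lists the allowances still open from an incident window. It assumes the approvals are standard ERC-20 `Approval` events; the log dictionary layout, the function names and all sample addresses, timestamps and amounts are hypothetical and constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def approvals_to_revoke(logs, owner, window_start, window_end, trusted_spenders):
    """Return sorted (token, spender, allowance) tuples for allowances that `owner`
    last set to a non-zero value inside the window, for an untrusted spender.
    Log-derived allowances are an upper bound: many tokens emit no Approval
    event when transferFrom spends part of an allowance."""
    latest = {}  # (token, spender) -> (allowance, timestamp of the last Approval)
    for log in sorted(logs, key=lambda l: (l["timestamp"], l["log_index"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = (int(log["data"], 16), log["timestamp"])
    trusted = {s.lower() for s in trusted_spenders}
    return sorted(
        (token, spender, amount)
        for (token, spender), (amount, ts) in latest.items()
        if amount > 0 and window_start <= ts <= window_end and spender not in trusted
    )

# Constructed sample data: every address, timestamp and amount below is made up.
OWNER, TOKEN_A, TOKEN_B = ("0x" + b * 20 for b in ("11", "a1", "b2"))
UNKNOWN, TRUSTED = "0x" + "de" * 20, "0x" + "c3" * 20

def make_log(ts, idx, token, owner, spender, amount):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"timestamp": ts, "log_index": idx, "address": token, "data": hex(amount),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)]}

SAMPLE_LOGS = [
    make_log(1000, 0, TOKEN_A, OWNER, UNKNOWN, 2**256 - 1),  # unlimited, in window
    make_log(1050, 0, TOKEN_A, OWNER, TRUSTED, 100),         # trusted spender
    make_log(1100, 0, TOKEN_B, OWNER, UNKNOWN, 500),         # in window ...
    make_log(2000, 0, TOKEN_B, OWNER, UNKNOWN, 0),           # ... but revoked later
    make_log(1150, 0, TOKEN_B, UNKNOWN, UNKNOWN, 7),         # different owner
]

if __name__ == "__main__":
    for row in approvals_to_revoke(SAMPLE_LOGS, OWNER, 900, 1300, [TRUSTED]):
        print(row)
```

Each tuple returned is an allowance to confirm on-chain and then revoke by setting it to zero.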

Curve noted that DNS server provider Iwantmyname had most likely been hacked, adding that it had then changed nameservers.

A name server works like a directory that translates domain names into IP addresses.

While the exploit was in progress, Twitter user LefterisJP speculated that the alleged attacker had likely used DNS spoofing to carry out the exploit on the service:

It's DNS spoofing. Cloned the site, rendered the...
