Curve Finance was the victim of a front-end exploit caused by a DNS issue. It has since resolved the exploit, and FixedFloat has frozen 112 Ethereum worth of stolen funds.
The Curve team believed a glitch led to the site’s nameserver being compromised. This was later confirmed, and in the interim, the team asked users to revoke any approved contacts.
Curve fixes the issue within hours
Curve Finance announced a few hours ago that updates had been sent out, and the platform was safe to use again. The team had pinpointed the issue fairly soon after it was discovered, asking users to use curve.exchange instead of curve.fi
As for how the exploit was present in the first place, the team said that they did not know and that it was iwantmyname that likely got hacked in the first place.
An analysis of the exploit shows that whenever a transaction was approved to spend any asset, it could manually drain the funds into a malicious externally owned account (EOA) instead.
About $570,000 had been stolen. Others have also acted quickly on the matter, ensuring that the damage was limited to the initial thefts. FixedFloat froze 112 ETH of the stolen funds.
There have been several attacks on the DeFi market this year, and it is clear that attackers will use whatever means possible to exploit the most popular platforms. Bridge attacks, in particular, have become popular among attackers, and several of these have taken place in 2022.
The Ronin Bridge attack earlier this year saw over $620 million stolen, and the service only just relaunched, with the Axie Infinity developer having to reimburse victims. Most recently, the Nomad Bridge experienced an attack where hackers made away with nearly $200 million.
Most of these attacks have been because of centralization issues, according to a Certik report. While hacks can have a huge impact on projects and their reputation, it’s not always the case that they are rendered a failure forever. Many DeFi projects have successfully returned following an exploit or hack.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.