Reports indicate that the decentralized finance (defi) protocol Curve was hacked for $570,000 in ethereum after people noticed that Curve’s front end was exploited. The attackers then tried to launder the funds via the crypto exchange Fixedfloat, and the trading platform’s team managed to freeze $200K worth of the stolen funds.
Curve Finance Exploited for $570K — Fixedfloat Exchange Freezes More Than $200K, Domain Service Blamed
On August 9, the Paradigm researcher discovered another defi hack. Samczsun tweeted that Curve Finance’s frontend was compromised. Curve Finance posted a tweet confirming the problem and then the team was able revert to the exploit discovered on the frontend. “The issue has been found and reverted,” Curve said. “If you have approved any contracts on Curve in the past few hours, please revoke immediately.”
🚨🚨🚨@CurveFinanceFrontend has been compromised. Do not use until further notice.
— samczsun (@samczsun) August 9, 2022
When Curve was asked if the team could “go into detail about how the name servers were compromised?” Curve replied: “That we don’t know. It is most likely that [iwantmyname.com] themselves got hacked.” The on-chain researcher ZachxbtIt was reported that the hacker got away with it $570K. Fixedfloat received the funds and noted that some funds had been frozen by the Bitcoin Lightning Network-powered exchange Fixedfloat.
“Our security department has frozen part of the funds in the amount of 112 [ether]. In order for our security department to be able to sort out what happened as soon as possible, please email us” Fixedfloat wrote. Steven FergusonTcpshield founder, Jeremy, confirmed that there was a possibility that the domain name iwantmyname.com had been compromised.
“On August 9th at 20:26 UTC, I was pinged regarding [Curve fi’s]In what appears to have been a nameserver hijack, frontend is compromised [iwantmyname.com],” Ferguson said. Tcpshield’s founder also added:
The hijacking did not occur at the level of the registrar, but systems at [iwantmyname.com]They have been compromised.
The Curve attack follows a great number of defi hacks during the last few weeks, as the Solana-based Slope wallet was breached, Crema Finance lost $8.7 million, and Rari Capital’s Fuse platform was hacked for $80 million. In Q1 2022, $1.3 billion was also stolen. Most of these attacks were attributed to defi projects.
The Curve team was formed following the Curve attack. tweetingWatch these video tutorials about how to revoke smart contracts. Curve Finance was created after the issues were fixed. said: “Updates should have propagated for [Curve] everywhere by now, which means it should be safe to use.” Curve Finance has $6.13 billion total value locked (TVL) today, making it the fifth-largest defi protcol in terms of TVL size.
Let us know your thoughts on the Curve Finance hack, which occurred August 9. Please comment below to let us know your thoughts on this topic.
Image creditShutterstock. Pixabay. Wiki Commons
DisclaimerThis information is provided for educational purposes only. This article is not intended to be a solicitation or offer to sell or buy any product, service, or company. Bitcoin.com doesn’t offer investment, tax or legal advice. The author and the company are not responsible for any loss or damage caused by the content or use of any goods, services, or information mentioned in the article.