Their official Twitter handleCurve Finance, an Ethereum-based Decentralized Finance (DeFi), protocol has discovered a flaw in its nameserver.fi. This vulnerability was later fixed. The team behind this project had warned users to be cautious and stated that an investigation was underway to investigate any vulnerabilities.
Team behind this project said:
This issue was reverted and has now been resolved. You must immediately revoke contracts that you approved on Curve within the last 24 hours. Use curve.exchange from now on until propagation of curve.fi returns to normal
One theory that the team behind this project had was about how their frontend could have been affected. A bad actor might have “cloned” their frontend, making it look like it is the same as the Curve Finance product, to affect people accessing it.
Team behind this project sharedLefteris Karpetsas is the founder of Rotkia App. He explains the theory behind the attack that impacted their Domain Name System.
It’s DNS spoofing. The DNS was spoofing. It cloned the site and pointed it to the DNS server.
Therefore, anyone attempting to access Curve Finance’s curve.fi frontend should refrain from it until there are more details behind the potential attack. A separate tweet from the Curve Finance team stated that the curve.exchange website frontend is unaffected.
Any Curve Finance user should revoke transaction approval for the following ETH smart contract addresses: 0x9Eb5F8e83359Bb5013f3D8eee60bDCe5654e8881 and watch out for transactions from address 0x50f9202e0f1c1577822BD67193960B213CD2f331 which the attacker could be using.
After Attack, Curve Financing Tokens Receive Correction
Karapetsas claims that Curve Finance was at most the fourth affected by this DNS hijacking attack. Ribbon Finance and DeFi Saver were also affected by these attacks. Convex Finance is another DeFi project that was affected. Alex Smirnov is a cofounder of deBridge. saidThe following is information about the recent attack
The DNS link is always weak. The following is how deBridge solved this problem. Every DeFi project should have it. An automated monitoring system checks every file and hash of any website. Critical monitoring will be activated immediately in the event that hash changes.
Curve Finance believes that the issue might have come from iwantmyname (a DNS manager), but has yet to provide more information. As this attack became public, Curve Finance reported that the token had experienced a 10% correction over the last 24 hours.
