Curve Finance users lose $573,000 in front-end attack

On August 9, unknown actors compromised the frontend of the DeFi protocol Curve Finance. As a result, users lost assets valued at $573,000.

#PeckShieldAlert @CurveFinance exploiters transferred ～27.7 ETH to @TornadoCash, ~292 $ETH to @FixedFloat who claimed that they have frozen part of the stolen funds in the amount of 112 $ETH, and ~20 $ETH to @binance. https://t.co/kZ3zwyjowA pic.twitter.com/dt75PQOAv8

— PeckShieldAlert (@PeckShieldAlert) August 10, 2022

PeckShield said that the attackers transferred 27.7 ETH to Tornado Cash, 292 ETH to the FixedFloat protocol (112 ETH of which were blocked) and 20 ETH to Binance.

The Curve Finance developers urged not to use the platform’s site until further guidance. Later they proposed an alternative domain. They urged, if necessary, to revoke approvals for the malicious contract.

The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal

— Curve Finance (@CurveFinance) August 9, 2022

The next day the team released a report provided by the hosting service iwantmyname. It notes DNS cache poisoning by an external provider and no compromise of the server itself.

The attack occurred on August 9 at around 19:00 UTC. After discovery, the team shut down the servers and restored access by around 21:00 UTC on the same day.

Analyses indicated that neither the server nor the provider’s infrastructure had been compromised. The root cause remains under investigation.

«No one on the Internet is 100% safe from such attacks. What happened underlines the urgent need to move from DNS to ENS», — wrote Curve Finance.

We have a brief report from @iwantmyname about what has happened. In brief: DNS cache poisoning, not nameserver compromise.https://t.co/PI1zR96M1Z

No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS

— Curve Finance (@CurveFinance) August 10, 2022

In July, registrations in the Ethereum Name Service rose to record levels.

Earlier ForkLog reported on attacks on DeFi project DNS servers, including Convex Finance, Allbridge, Ribbon Finance and DeFi Saver. All of them relied on Namecheap for domain registration.

Read ForkLog’s bitcoin news in our Telegram — cryptocurrency news, prices and analysis.