An attacker hijacked control of DNS-server of the DeFi protocol Convex Finance to prompt users to approve malicious smart contracts. The project team is assessing the potential damage.
Investigation is still ongoing, but a quick update for the community:
— DNS for https://t.co/5rSUjMgY4u was hijacked, prompting users to approve malicious contracts for some interactions on the site.
— Funds on verified contracts are unaffected.— Convex Finance (@ConvexFinance) June 23, 2022
An attacker hijacked the DNS server of the DeFi protocol Convex Finance to prompt users to approve malicious smart contracts. The project team is assessing the potential damage.
The developers stressed that funds on verified contracts were not affected. However, at least five addresses interacted with the malicious contract. Its owners were urged to come forward.
As of this writing, the investigation remains ongoing. Convex Finance has promised to publish further details later.
The project’s CVX token did not react to the incident. In the last 24 hours the asset rose by 2% (CoinGecko). CVX is trading around $4.60 — more than 92% below its January 2022 all-time high of $60.
In April, the Convex Finance team patched the vulnerability, potentially threatening a loss of $15 billion. The bug was identified by OpenZeppelin researchers.
Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, rates and analytics.