{"id":65664,"date":"2022-08-11T12:58:25","date_gmt":"2022-08-11T09:58:25","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=65664"},"modified":"2025-09-06T21:13:26","modified_gmt":"2025-09-06T18:13:26","slug":"curve-finance-users-lose-573000-in-front-end-attack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/curve-finance-users-lose-573000-in-front-end-attack\/","title":{"rendered":"Curve Finance users lose $573,000 in front-end attack"},"content":{"rendered":"<p>On August 9, unknown actors compromised the frontend of the DeFi protocol Curve Finance. As a result, users lost assets valued at $573,000.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> <a href=\"https:\/\/twitter.com\/CurveFinance?ref_src=twsrc%5Etfw\">@CurveFinance<\/a> exploiters transferred \uff5e27.7 ETH to <a href=\"https:\/\/twitter.com\/TornadoCash?ref_src=twsrc%5Etfw\">@TornadoCash<\/a>, ~292 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> to <a href=\"https:\/\/twitter.com\/FixedFloat?ref_src=twsrc%5Etfw\">@FixedFloat<\/a> who claimed that they have frozen part of the stolen funds in the amount of 112 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a>, and ~20 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> to <a href=\"https:\/\/twitter.com\/binance?ref_src=twsrc%5Etfw\">@binance<\/a>. 
<a href=\"https:\/\/t.co\/kZ3zwyjowA\">https:\/\/t.co\/kZ3zwyjowA<\/a> <a href=\"https:\/\/t.co\/dt75PQOAv8\">pic.twitter.com\/dt75PQOAv8<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1557202180569833472?ref_src=twsrc%5Etfw\">August 10, 2022<\/a><\/p><\/blockquote>\n<p>PeckShield said that the attackers transferred 27.7 ETH to Tornado Cash, 292 ETH to the FixedFloat protocol (of which 112 ETH were frozen) and 20 ETH to <a href=\"https:\/\/forklog.com\/en\/news\/what-is-binance\">Binance<\/a>.<\/p>\n<p>The Curve Finance developers urged users not to use the platform&#8217;s site until further guidance. Later they <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1557116419497672711\">proposed<\/a> an alternative domain. They also urged users to revoke approvals for the malicious contract where necessary.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use <a href=\"https:\/\/t.co\/6ZFhcToWoJ\">https:\/\/t.co\/6ZFhcToWoJ<\/a> for now until the propagation for <a href=\"https:\/\/t.co\/vOeMYOTq0l\">https:\/\/t.co\/vOeMYOTq0l<\/a> reverts to normal<\/p>\n<p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1557116419497672711?ref_src=twsrc%5Etfw\">August 9, 2022<\/a><\/p><\/blockquote>\n<p>The next day the team released a report provided by the hosting service iwantmyname. It notes DNS cache poisoning by an external provider and no compromise of the server itself.<\/p>\n<p>The attack occurred on August 9 at around 19:00 UTC. 
After discovery, the team shut down the servers and restored access by around 21:00 UTC on the same day.<\/p>\n<p>Analyses indicated that neither the server nor the provider&#8217;s infrastructure had been compromised. The root cause remains under investigation.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cNo one on the Internet is 100% safe from such attacks. What happened underlines the urgent need to move from DNS to <\/em><a href=\"https:\/\/forklog.news\/cryptorium\/chto-takoe-ethereum-name-service-ens\/\"><em>ENS<\/em><\/a><em>\u201d<\/em>, wrote Curve Finance.<\/p>\n<\/blockquote>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We have a brief report from <a href=\"https:\/\/twitter.com\/iwantmyname?ref_src=twsrc%5Etfw\">@iwantmyname<\/a> about what has happened. In brief: DNS cache poisoning, not nameserver compromise.<a href=\"https:\/\/t.co\/PI1zR96M1Z\">https:\/\/t.co\/PI1zR96M1Z<\/a><\/p>\n<p>No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS<\/p>\n<p>\u2014 Curve Finance (@CurveFinance) <a href=\"https:\/\/twitter.com\/CurveFinance\/status\/1557505570533478403?ref_src=twsrc%5Etfw\">August 10, 2022<\/a><\/p><\/blockquote>\n<p>In July, registrations in the Ethereum Name Service rose to record levels.<\/p>\n<p>Earlier, ForkLog reported on attacks on the DNS servers of DeFi projects, including Convex Finance, Allbridge, Ribbon Finance and DeFi Saver. 
All of them relied on Namecheap for domain registration.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On August 9, unknown attackers compromised the DeFi protocol Curve Finance&#8217;s frontend. As a result, users lost assets valued at $573,000.<\/p>\n","protected":false},"author":1,"featured_media":65665,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1426,2242],"class_list":["post-65664","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-curve-crv","tag-domain-name-system"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/65664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=65664"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/65664\/revisions"}],"predecessor-version":[{"id":65666,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/65664\/revisions\/65666"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/65665"}],"wp:attachment":[{"href":"https:\/\/for
klog.com\/en\/wp-json\/wp\/v2\/media?parent=65664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=65664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=65664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}