Web3 platforms have been exploited one after another since the global crypto boom; one of the recent victims is the decentralized finance (DeFi) protocol Curve Finance. The thieves stole $570,000 from the exchange after its front end was compromised through an attack that took control of its nameserver.
Curve Finance is an Ethereum-based decentralized exchange and automated market maker (AMM) for trading stablecoins and wrapped digital assets such as wBTC and tBTC.
Update: The DeFi exchange has announced that the issue has been fixed and says it is safe to use again. It also reminded affected users to revoke any approval granted to the contract used in the exploit.
In a tweet, Samczsun, a researcher at Paradigm, reported that the Curve Finance front end had been compromised and advised users not to engage with the platform until the issue was resolved.
After receiving the report, Curve immediately confirmed the exploit and warned users not to use the platform’s frontend. They also stated that the team is investigating.
The team then found that the hackers had compromised a Curve website or domain name to redirect unsuspecting users and their transactions to a malicious contract. Fortunately, the program’s contract remained uncompromised.
Subsequently, the protocol’s operators announced via Telegram that they found the source of the problem and resolved it.
“If you have approved any contracts on Curve in the past few hours, please revoke immediately,” Curve advised.
The team also advised users to temporarily use curve.exchange until the propagation of curve.fi returned to normal.
“We are becoming aware of a potential front end issue that is approving a bad contract. For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use curve.fi or curve.exchange,” the Telegram announcement read.
Meanwhile, Web3 on-chain sleuth Zachxbt revealed that the thieves stole $570,000 in ETH and sent it to the FixedFloat cryptocurrency exchange to launder the money.
In response, FixedFloat stated that it had frozen 112 ETH ($191,088 or approximately ₱10,534,427.04) of the stolen funds.
This article is published on BitPinas: DeFi Exchange Curve Loses $570,000 in Frontend Hack