DeFi Exchange Curve Loses $570,000 in Frontend Hack

Share some Bitpinas love:

One after another, the web3 platforms are being exploited by hackers since the global crypto boom; one of the recent victims is the decentralized finance (DeFi) protocol Curve.Finance. The thieves stole $570,000 from the exchange as its front end was compromised through an attack taking control of its nameserver.

Curve Finance is an Ethereum-based decentralized exchange and automated market maker (AMM) for trading stablecoins and wrapped digital assets such as wBTC and tBTC.

Update: The DeFi exchange has announced the issue has been fixed and says it is safe to use again. They also reminded the affected users to revoke the contract used for the exploitation.

What happened?

In a tweet, Samczsun, a researcher at Paradigm, reported that the Curve Finance front end has been compromised and advised users to not engage with the platform until the issue is resolved.

After receiving the report, Curve immediately confirmed the exploit and warned users not to use the platform’s frontend. They also stated that the team is investigating. 

Accordingly, they found that the hackers compromised a Curve website or domain name to redirect unsuspecting users and their transactions to a malicious contract. Fortunately, the program’s contract remained uncompromised.

Subsequently, the protocol’s operators announced via Telegram that they found the source of the problem and resolved it. 

“If you have approved any contracts on Curve in the past few hours, please revoke immediately,” Curve advised.

Further, the team also advised users to temporarily use until the propagation of goes back to normal.

“We are becoming aware of a potential front end issue that is approving a bad contract. For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use or,” the telegram announcement read.

On the other hand, Web3 on-chain sleuth Zachxbt revealed that the thieves stole $570,000 in ETH and sent it to the FixedFloat cryptocurrency exchange to launder the money.

To address this, FixedFloat stated that it had frozen 112 ETH ($191,088 or approximately ₱10,534,427.04) of the stolen funds.

This article is published on BitPinas: DeFi Exchange Curve Loses $570,000 in Frontend Hack

Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.

Share some Bitpinas love:

Recent Jobs at Crypto Companies:

Posted 2 Jun 2023
Closing on 4 Aug 2023
2 Jun 2023
Posted 2 Jun 2023
Closing on 3 Aug 2023
2 Jun 2023
Mantle Network
Posted 2 Jun 2023
Closing on 2 Aug 2023
2 Jun 2023
Posted 1 Jun 2023
Closing on 5 Aug 2023
1 Jun 2023

Latest News:

What do you think of this article?

Let us know in the comments below.