Main navigation

Here's What Happened During Curve Finance's Hijacking That Put Funds at Risk

Wed, 08/10/2022 - 09:58
article image
Tomiwabold Olajide
Alleged hacker altered protocol's DNS record
Here's What Happened During Curve Finance's Hijacking That Put Funds at Risk
Cover image via

Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.

Read U.TODAY on
Google News

DeFi protocol Curve Finance has reported an exploit on its site. The alert was first raised by paradigm researcher "samczsun," who reported that the Curve Finance frontend was compromised and, hence, warned users against its use. The team behind the protocol immediately alerted users while stating they were investigating the matter.

The problem, which seemed to be an attack on the service's nameserver and frontend, was quickly identified by the team. Curve said through Twitter that their exchange appeared to be untouched by the hack as it uses a different domain name system (DNS) provider.

Additionally, it warned that Iwantmyname, the DNS server provider, had been compromised and that its nameserver had been changed as a result.

In a Twitter post, Steven Ferguson, the founder of TCPshield, recounts what happened during the breach. The alleged hacker altered the protocol's DNS record, redirecting users to a false clone and approving a malicious contract.

But the team moved fast to solve the problem. After issuing the original warning, Curve announced that it had identified and fixed the problem and advised users to "immediately" withdraw any contracts they had just approved. Additionally, it made clear which contract needed to be revoked.

According to reports, over $570,000 were stolen in the brief attack.

article image
About the author

Tomiwabold is a cryptocurrency analyst and an experienced technical analyst. He pays close attention to cryptocurrency research, conducting comprehensive price analysis and exchanging predictions of estimated market trends. Tomiwabold earned his degree at the University of Lagos.