Samczsun, a researcher at Paradigm, is reporting that the Curve Finance front end has been compromised, with over $500k stolen within a matter of minutes.
🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!
— samczsun (@samczsun) August 9, 2022
The official Curve Finance Twitter has confirmed the news stating:
Don't use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ
— Curve Finance (@CurveFinance) August 9, 2022
The founder of Rotkiapp, Lefteris Karapetsas, theorized that “It’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.” Curve retweeted the theory in apparent support before following up with a further announcement;
Don't use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem
— Curve Finance (@CurveFinance) August 9, 2022