blockworks.co
The main website of decentralized digital asset exchange Curve Finance has been compromised in what appears to be the latest instance of a nefarious crypto exploit.
The firm warned users it’s looking into an apparent nameserver attack, saying its website should be avoided. It wasn’t immediately clear whether any funds had been compromised.
“Don’t use http://curve.fi site – nameserver is compromised,” the company wrote in a tweet Tuesday. “Investigation is ongoing: likely the NS itself has a problem.”
In a subsequent tweet, Curve said that Curve.Exchange uses a different domain name system provider and seems to be unaffected, though noted that users still “need to proceed with caution.”
Curve urged domain registrar iwantmyname to “please do something” at 5:22 pm ET.
“We switched nameserver, but don’t rush to use http://curve.fi – wait a bit,” the decentralized exchange added.
Twitter account foobar claimed at about 4:30 pm ET that roughly $570,000 worth of tokens had been stolen so far, pointing to this address.
When you make a swap it creates a transaction to approve 0x9Eb5F8e83359Bb5013f3D8eee60bDCe5654e8881 to spend whichever coin you're inputting
— foobar (@0xfoobar) August 9, 2022
But this is not a Curve pool, your funds will be manually drained into a malicious EOA instead, 0x50f9202e0f1c1577822bd67193960b213cd2f331 pic.twitter.com/N54sURa55V
The incident comes after a hacker produced a phishing pop-up on Polygon and Fantom last month warning users their funds were at risk and urging them to enter their private account keys.
That hacker accessed Polygon and Fantom’s remote procedure call (RPC) interfaces through the Web3 infrastructure platform Ankr by tricking a third party domain name system (DNS) provider into giving the hacker access to Polygon and Fantom’s domains.
This is a developing story.