
Ethereum DeFi Exchange Curve Suffers Frontend Attack: Report

decrypt.co, 09 August 2022 22:45 UTC

Attacks targeting blockchain companies show no sign of slowing down. Decentralized trading platform Curve Finance confirmed reports that its website had suffered a frontend attack on Tuesday.

"Don't use the frontend yet. Investigating!" Curve Finance tweeted.

Don't use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ

— Curve Finance (@CurveFinance) August 9, 2022

Hackers apparently compromised a Curve website or domain name to redirect unwitting users or their transactions to a malicious destination.

According to Web3 on-chain sleuth ZachXBT, the thieves made off with $570,000 in ETH, which they sent to the FixedFloat cryptocurrency exchange to launder the money.

Looks like $570k stolen

0x50f9202e0f1c1577822BD67193960B213CD2f331 pic.twitter.com/IG6nIKVv59

— ZachXBT (@zachxbt) August 9, 2022

FixedFloat said it had frozen 112 ETH, around $191,088, of the stolen funds.

"Our security department has frozen part of the funds in the amount of 112 ETH. In order for our security department to be able to sort out what happened as soon as possible, please email us: info@fixedfloat.com," FixedFloat tweeted.

Our security department has frozen part of the funds in the amount of 112 ETH. In order for our security department to be able to sort out what happened as soon as possible, please email us: info@fixedfloat.com

— FixedFloat⚡️ (@FixedFloat) August 9, 2022

Launched in 2020, Curve Finance is a decentralized exchange and automated market maker (AMM) for trading stablecoins and wrapped digital assets like wBTC and tBTC.

🚨 Curve UI is compromised

0x9Eb5F8e83359Bb5013f3D8eee60bDCe5654e8881 malicious contract, revoke approvals immediately

0x50f9202e0f1c1577822BD67193960B213CD2f331 attacker's address from the contract's storage

— banteg (@bantg) August 9, 2022

A few hours after its original notice, Curve Finance said the issue had been found and resolved.

“If you have approved any contracts on Curve in the past few hours, please revoke immediately,” the company warned, also advising its users to proceed cautiously. The curve.exchange website appeared unaffected, the company reported, and uses a different domain name system (DNS) than curve.fi.

The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal

— Curve Finance (@CurveFinance) August 9, 2022
