Curve Finance became the latest target in a long list of exploits that have decimated the crypto space in 2022. The protocol reported that an exploit on the site’s nameserver and front end resulted in a loss of over $573,000. The protocol has since reported that the problem has been found and fixed.
$570,000 Stolen From Curve Finance
Automated Market Maker Curve Finance took to Twitter on Tuesday, warning users of an exploit on its site. The Curve team acknowledged the issue affecting the site’s front-end and nameserver, which appeared to be orchestrated by a malicious actor. The protocol stated on Twitter,
“We are becoming aware of a potential front-end issue that is approving a bad contract,” the Telegram announcement read. “For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use Curve.fi or curve.exchange.”
The team made a second announcement shortly after the initial one, stating they had found the source of the problem and addressed the issue. However, the protocol has asked users to revoke any contract approvals they may have conducted over the past few hours when the protocol’s front end and nameserver were compromised.
“If you have approved any contracts on Curve in the past few hours, please revoke immediately.”
The attack on Curve comes hot on the heels of another exploit, suffered by Nomad, leading the protocol to lose $190 million.
Exchange Unaffected
Curve stated in a follow-up that its exchange, which is a separate product, was unaffected by the hack. This is because the exchange uses a different domain name system (DNS) provider. The protocol added that users should continue to use the Curve.exchange until Curve.fi reverts to normal.
“The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke them immediately. Please use http://curve.exchange for now until the propagation for http://curve.fi reverts to normal.”
According to Curve, the hacker appeared to have changed the domain name system entry for Curve Finance. This forwarded users to a fake clone, which approved a malicious contract. However, the program’s contract was not compromised by the hack.
Alarm Bells On Twitter
While the attack on Curve Finance was ongoing, Twitter users speculated on the source of the attack. User LefterisJP speculated the attacker had used DNS spoofing to execute the attack on Curve.
“It’s DNS spoofing. Cloned the site, made the DNS point to their IP where the cloned site is deployed, and added approval requests to a malicious contract.”
Other users on Twitter were quick to warn fellow users about the ongoing exploit, stating that the protocol’s front-end had been compromised, while others noted that the hacker had stolen over $573,000.
A Significant Impact On Curve
The timing of the exploit could not have been worse for Curve.finance, which was winning favor with analysts, who had stated in July that despite the recent market downturn, Curve remained a viable option in the space. Researchers have several reasons for their bullishness around the protocol, specifically pointing out the growing demand for Curve DAO token deposits, the protocol’s yield opportunities, and its revenue generation thanks to stablecoin liquidity.
This observation came after the protocol launched a new algorithm that allowed the exchange of volatile assets, promising to allow low-slippage swaps between any volatile assets. The pools use internal oracles and a bonding curve model, previously deployed by market makers such as Uniswap.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.