Curve Finance, one of the largest decentralized finance (DeFi) protocols, had its DNS hacked and some users were unfortunate enough to approve a malicious contract. The hacker managed to siphon off almost $600,000, but the FixedFloat protocol managed to intercept much of it along the way.
Curve suffers an attack on its site
The decentralized finance (DeFi) protocol Curve Finance suffered a hack on the frontend of its site last night, a relatively rare attack in the industry.
The information was quickly confirmed by the Curve teams, who recommended that users temporarily stop interacting with the protocol. It was then quickly established that the attack was aimed directly at the nameserver of the DeFi site, thus sparing Curve’s exchange, which uses a different DNS provider.
Basically, the hacker cloned the Curve site and redirected the DNS of the original domain to the clone's IP address. Users who landed on the “fake” site were then prompted to give their approval for a malicious contract.
According to @zachxbt, a well-known blockchain investigator, the hacker managed to steal $570,000 from the affected users.
The hacker then routed the funds through FixedFloat, a swap platform. The latter said via Twitter that it managed to freeze 112 ETH (about $187,000 at the current rate) of the total theft, a move welcomed by the community.
Fortunately, the problem was resolved within the hour. If you interacted with Curve during that time frame or have any doubts, revoke any approval granted to the following address, using a tool like DeBank or Revoke.cash: 0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881
The platform is now fully operational and secure, according to Curve.
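The revocation advice above can be checked directly against on-chain data. The following Python sketch is an added example, not code from the article or from Curve: it replays ERC-20 Approval event logs and reports allowances that are still open to the address given above. The token and wallet addresses and the sample logs are constructed placeholders, and the log dictionaries are assumed to follow the JSON shape returned by the eth_getLogs RPC method.

```python
# Added example, not from the article: find ERC-20 allowances still granted
# to the spender address the article says to revoke.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
SPENDER = "0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881"  # address from the article
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender=SPENDER):
    """Return {(token, owner): allowance} for non-zero allowances to `spender`.

    `logs` are eth_getLogs-style dicts. Events are replayed in chain order,
    so a later revoke (Approval with value 0) clears an earlier grant.
    """
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval carries 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

# --- Constructed sample data: placeholder token and wallet addresses ---
TOKEN, ALICE, BOB, OTHER = ("0x" + c * 20 for c in ("11", "aa", "bb", "cc"))

def make_log(owner, spender, value, block):
    """Build a constructed Approval log in eth_getLogs JSON shape."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": "0x0"}

SAMPLE_LOGS = [
    make_log(ALICE, SPENDER, MAX_UINT256, 100),  # unlimited grant, never revoked
    make_log(BOB, SPENDER, 1000, 101),           # grant ...
    make_log(BOB, SPENDER, 0, 102),              # ... later revoked
    make_log(ALICE, OTHER, 5, 103),              # unrelated spender, ignored
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_approvals(SAMPLE_LOGS).items():
        label = "unlimited" if amount == MAX_UINT256 else str(amount)
        print(f"{owner} still allows {SPENDER} to spend {label} of token {token}")
```

With real data, the input would be logs fetched for your own wallet as the owner topic and the address above as the spender topic; any entry returned is an allowance that still needs revoking.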