Curve Finance Users Lose $573,000 in Phishing Attack
- August 11, 2022
- 0
On August 9, unknowns took over the front end of Curve Finance DeFi protocol on the user side. As a result, users lost $573,000 worth of assets. #PeckShieldWarning
On August 9, unknowns took over the front end of Curve Finance DeFi protocol on the user side. As a result, users lost $573,000 worth of assets.
#PeckShieldWarning @CurveFinance abusers transferred ~27.7 ETH @TornadoNakit~292 $ETH with @FixedFloat Claiming to freeze some of the stolen funds in the amount of 112 $ETHand ~20 $ETH with @binance. https://t.co/kZ3zwyjowA pic.twitter.com/dt75PQOAv8
— PeckShieldAlert (@PeckShieldAlert) 10 August 2022
PeckShield reports that the attackers transferred 27.7 ETH to the Tornado Cash platform, 292 ETH to the FixedFloat protocol (112 ETH blocked), and 20 ETH to Binance.
Curve Finance urged developers not to use the platform site until new recommendations. later they suggested using an alternative domain and revoking approval of the malicious contract if necessary.
Problem found and reverted. If you have confirmed any agreement on Curve in the last few hours, please cancel it immediately. Please use https://t.co/6ZFhcToWoJ for now until the spread of https://t.co/vOeMYOTq0l returns to normal
— Curve Finance (@CurveFinance) August 9, 2022
The next day, the team released a report provided by the iwantmyname hosting service. He talks about “poisoning” the domain name system (DNS) protocol from an external provider and not compromising the server itself.
The attack occurred on August 9 ~ 19:00 (UTC). After the discovery, the experts shut down the servers and regained access to the servers at ~21:00 (UTC) the same day.
Analysis showed that server and provider infrastructures were not compromised. Root cause is still being sought.
“No one on the Internet is 100% immune to these types of attacks. What happened speaks of the urgent need to switch from DNS to another. ENS“, – Wrote in Curve Finance.
we have a short report @iwantmyname about what it is. In summary: DNS cache poisoning, not nameserver security.https://t.co/PI1zR96M1Z
No one on the web is 100% safe from these attacks. STRONGLY recommends you start moving to ENS instead of DNS
— Curve Finance (@CurveFinance) 10 August 2022
Recall that in July, the number of registrations in the Ethereum Name Service (ENS) domain name system soared to record highs.
ForkLog has previously reported attacks on DNS servers of DeFi projects, including Convex Finance, Allbridge, Ribbon Finance, and DeFi Saver. All of them used the services of Namecheap domain registrar.
Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analysis.
Source: Fork Log
I’m Sandra Torres, a passionate journalist and content creator. My specialty lies in covering the latest gadgets, trends and tech news for Div Bracket. With over 5 years of experience as a professional writer, I have built up an impressive portfolio of published works that showcase my expertise in this field.
