On August 9, automated market maker Curve Finance warned users via Twitter about an attack on its website. The team behind the protocol noted that the incident, which appears to be the work of a malicious actor, is affecting the service's nameserver and frontend.
Don’t use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem
—Curve Finance (@CurveFinance) August 9, 2022
Curve stated on Twitter that its exchange – which is a standalone product – did not appear to be affected by the attack as it uses a different DNS provider. However, the team advised users to be careful when interacting with the site.
Although you need to proceed with caution, but https://t.co/6ZFhcToWoJ seems to be unaffected – uses a different DNS provider
—Curve Finance (@CurveFinance) August 9, 2022
Twitter user LefterisJP speculated that the suspected attacker had likely used DNS spoofing to execute the attack on the project:
It’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.
—Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP) August 9, 2022
Other participants in the DeFi space were quick to spread the warning to their own followers, with some noting that the alleged thief appears to have made over $573,000 at the time of writing.
alert to all @CurveFinance users, their frontend has been compromised!
Do not interact with it until further notice!
It appears around $570k stolen so far #defi #crypto $crv
— Assure DeFi (@AssureDefi) August 9, 2022
This is a developing story and will be updated as more information becomes available.