Defi Attacker Siphons $570,000 From Curve Finance, Crypto Exchange Fixedfloat Freezes 112 Ethereum
Reports indicate that the decentralized finance (defi) protocol Curve was hacked for $570,000 in ethereum after people noticed that Curve’s front end was exploited. The attackers then tried to launder the funds via the crypto exchange Fixedfloat, and the trading platform’s team managed to freeze $200K worth of the stolen funds.
Curve Finance Exploited for $570K — Fixedfloat Exchange Freezes More Than $200K, Domain Service Blamed
Another defi hack was discovered on August 9, when the Paradigm researcher Samczsun tweeted that Curve Finance’s frontend was compromised. Curve Finance confirmed the problem on Twitter and later the team was able to revert the exploit found on the frontend. “The issue has been found and reverted,” Curve said. “If you have approved any contracts on Curve in the past few hours, please revoke immediately.”
🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!
— samczsun (@samczsun) August 9, 2022
When Curve was asked if the team could “go into detail about how the name servers were compromised?” Curve replied: “That we don’t know. Most likely, [iwantmyname.com] themselves got hacked.” The on-chain researcher Zachxbt reported that the hacker managed to get away with $570K. The funds were sent to the Bitcoin Lightning Network-powered exchange Fixedfloat, and the exchange noted that the team managed to freeze some of the funds.
“Our security department has frozen part of the funds in the amount of 112 [ether]. In order for our security department to be able to sort out what happened as soon as possible, please email us” Fixedfloat wrote. Steven Ferguson, the founder of Tcpshield, further verified that it was possible that the domain service iwantmyname.com was breached.
“On August 9th at 20:26 UTC, I was pinged regarding [Curve fi’s] frontend being compromised in what appears to be a nameserver hijack at [iwantmyname.com],” Ferguson said. The Tcpshield founder added:
This did not appear to be a hijack at the registrar level, but rather systems at [iwantmyname.com] compromised themselves.
The Curve attack follows a great number of defi hacks during the last few weeks, as the Solana-based Slope wallet was breached, Crema Finance lost $8.7 million, and Rari Capital’s Fuse platform was hacked for $80 million. Furthermore, $1.3 billion was stolen in Q1 2022 and most of the attacks stemmed from defi projects this year.
Following the Curve attack, the Curve team has been tweeting out walkthroughs on how users can revoke a smart contract. After the issues were found and reverted, Curve Finance said: “Updates should have propagated for [Curve] everywhere by now, which means it should be safe to use.” Curve Finance has $6.13 billion total value locked (TVL) today, making it the fifth-largest defi protcol in terms of TVL size.
What do you think about the Curve Finance hack that occurred on August 9? Let us know what you think about this subject in the comments section below.