Curve Finance Solves Issue That Led To $570K Stolen From The DeFi Platform
Hackers plundered approximately $570,000 from decentralized finance (DeFi) protocol Curve.Finance. Since then Curve has resolved the issue and recommended that users revoke any approved contracts on its platform.
Shortly after that announcement, the protocol’s operators said via Telegram that they found the source of the problem and fixed it. “If you have approved any contracts on Curve in the past few hours, please revoke immediately,” they said. The protocol also advised users to use curve.exchange until the propagation of curve.fi reverts to normal.
The hacker used a Domain Name Service (DNS) spoofing hack, cloning the site and redirecting the DNS point to their IP address. Then, they added approval requests to a malicious contract to steal the funds. The program’s contract remained uncompromised, however.
Users who had connected to Curve with their MetaMask wallet were at risk of having their funds stolen. ZachXBT, an anonymous on-chain investigator, reported that the hacker took approximately $570,000. The hacker tried moving funds through FixedFloat, a fully automatic cryptocurrency exchange on the Bitcoin Lightning Network. The exchange froze and secured roughly $200,000 of the stolen funds.
Curve.Finance is an integral part of the DeFi ecosystem due to its CRV token rewards emissions, which serve as a source of income for several other protocols.
In response to the hack, the protocol advised users in a Telegram message to refrain from using curve.fi or curve.exchange until the protocol’s operators locate the source of the exploit.
The Telegram announcement stated:
“We are becoming aware of a potential front end issue that is approving a bad contract. For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use curve.fi or curve.exchange.”
Curve Finance is one of the largest decentralized exchanges by total value locked (TVL), holding over $6 billion.
