Curve Finance, behind the popular altcoin CRV, has warned its users of an exploit on its site. The team behind the protocol drew attention to what appears to be an attack by a malicious actor. He noted that the attack affected the name server and frontend of the service. In addition, Binance CEO Changpeng Zhao also shared some explanations about the situation. Here are the details…
“Abuse” warning for popular altcoin
Automated market maker Curve has faced an exploit on its website. He stated on Twitter that his exchange, which is a separate product, was not affected by the attack because it used a different domain name system (DNS) provider. However, the issue was quickly dealt with by the team. An hour after the initial alert, Curve said it had both found and fixed the problem. It prompted users who had confirmed any contracts on Curve in the past few hours to “immediately” cancel.
Alert to all @CurveFinance users, their frontend has been compromised!
Do not interact with it until further notice!
It appears around $570k stolen so far 🙄#defi #crypto $crv
— Assure DeFi (@AssureDefi) August 9, 2022
Most likely, the DNS server provider Iwantmyname has been hacked, Curve noted. He added that he later changed the nameserver. A name server works like a directory that translates domain names into IP addresses. As the exploit continued, Twitter user LefterisJP speculated that the alleged attacker used DNS spoofing to execute the exploit on the service. Other participants in the DeFi space quickly took to Twitter to spread the warning. Some, including Changpeng Zhao, stated that the thief stole more than $573,000.
It's DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.
— Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP) August 9, 2022
Analysts were positive about CRV
In July, analysts suggested that they view Curve Finance positively despite the market decline that continues to affect the broader DeFi space. cryptocoin.comAs we reported, researchers at Delphi Digital cited the platform’s return opportunities, the demand for Curve DAO Token (CRV) deposits, and the protocol’s revenue from stablecoin liquidity, among the reasons cited for their rise.
This comes after the platform released a new “algorithm” in June that promises to allow low-diversity swaps between “volatile” assets. These pools use a combination of Exponential Moving Averages (EMAs) and internal oracles formerly deployed by popular auto market makers like Uniswap.
Binance CEO criticizes the service Curve Finance uses
Meanwhile, according to Binance CEO Changpeng Zhao, the attackers stole more than $570,000 from user wallets. CZ also said that the project uses “GoDaddy” for DNS and that it is “not secure”. “No web3 project should use it. It is very sensitive to social engineering,” he said. As a result, Curve Finance took notice. It said the “Curve.fi” nameserver was compromised. It also said that curve.exchange is not affected because it uses a different DNS provider.
They use GoDaddy for DNS, which is insecure. No web3 projects should use that. Very susceptible to social engineering.
— CZ 🔶 Binance (@cz_binance) August 9, 2022
