Hackers steal $611,500 worth of users’ funds by hijacking the Curve Finance homepage
(Kitco News) - Hackers continue to search for weaknesses in popular decentralized finance protocols, and Curve Finance is the latest platform to fend off an attack. On Tuesday the popular decentralized stablecoin exchange fell victim to a domain name system (DNS) hijack in which hackers briefly took control of the project's homepage.
The exchange posted a tweet on Tuesday warning users to refrain from using the website due to the front page being compromised after several users reported a change in the nameserver.
Don't use https://t.co/vOeMYOTq0l site - nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem — Curve Finance (@CurveFinance), August 9, 2022
While the exact method used to conduct the attack remains unknown, developers for Curve posted an update around one hour after the attack began saying that the issue was resolved.
The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal — Curve Finance (@CurveFinance), August 9, 2022
The team also encouraged anyone who had interacted with the platform recently to revoke any permissions given “immediately” in order to prevent any further loss of funds.
The attack appears to have been isolated to the front page of the platform, leaving its backend exchange, which uses a completely different DNS, unaffected. Users who attempted to interact with the compromised front page were redirected to a page controlled by the hackers, where the funds held in their wallets were subsequently drained.
It is estimated that a total of 605,000 USDC and 6,500 were stolen in the hack before Curve could fix the vulnerability. The hackers immediately converted the stolen funds to 363 Ether (ETH) in an attempt to avoid having the USDC frozen by authorities.
The thieves laundered 27.7 ETH worth of the stolen funds through the now-sanctioned Tornado Cash cryptocurrency mixer and sent 292 of the ETH acquired to the FixedFloat exchange and coin swap service.
FixedFloat managed to freeze 112 of the stolen ETH and provided 1 BTC address, 1 BSC address and 1 LTC address where the hackers withdrew the remaining stolen funds.
An additional 20 ETH was deposited to a Binance hot wallet while an unknown exchange hot wallet received 23 ETH. The blockchain analytics firm Elliptic is currently tracking all wallet addresses associated with the hack and will inform the crypto community of any important updates.
Curve Finance is one of the top DeFi protocols in the cryptocurrency ecosystem, serving a crucial role as the main stablecoin exchange with a total value locked of $6.13 billion.
As news of the attack spread across social media, the price of the protocol's native CRV token plunged by 11.37% from a price of $1.40 to a low of $1.27.
CRV/USD 4-hour chart. Source: TradingView
Thanks to the Curve team's rapid response in remedying the situation, the price of CRV managed to reverse course and recover a majority of its lost ground, trading at a price of $1.366 by midday on Wednesday.