Curve Finance successfully resolved a hack after experiencing an exploit a few hours ago.
The Curve Finance team reported that it had resolved a hack it suffered on Tuesday, August 9th.
The hack was discovered after a Paradigm researcher notified the community that Curve’s front end had been compromised.
Following this notification, the Curve team identified and reverted the hack, and announced this in a statement issued on Twitter a few hours ago. The Curve Finance team said:
“The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke them immediately. Please use http://curve.exchange for now until the propagation for http://curve.fi reverts to normal”
The Curve team asked its community members to revoke any contract approvals on its platform.
The attacker utilised a Domain Name System (DNS) spoofing hack, cloned the Curve website and redirected the site's DNS record to point to their IP address. The hacker then added approval requests for a malicious contract to the cloned site in order to steal funds.
Following this attack, users who had connected to Curve with their MetaMask wallets were at risk of losing their funds to the hacker.
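As an added illustration (not code from Curve or from anyone quoted in this article), the Python sketch below shows how a wallet-side check could decode a pending ERC-20 `approve(address,uint256)` call and flag a spender that is not on a user's own allowlist, or an unlimited allowance. The allowlist, the addresses and the function names are hypothetical and the sample transactions are constructed.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1

# Hypothetical allowlist: placeholder address standing in for contracts the user trusts.
TRUSTED_SPENDERS = {"0x" + "11" * 20}


def build_approve(spender, amount):
    """Build approve() calldata; used here only to construct sample inputs."""
    addr = bytes.fromhex(spender[2:]).rjust(32, b"\x00")
    return "0x" + (APPROVE_SELECTOR + addr + amount.to_bytes(32, "big")).hex()


def decode_approve(calldata_hex):
    """Return (spender, amount) for well-formed approve() calldata, else None."""
    try:
        raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        return None
    if any(data[4:16]):  # a 20-byte address is left-padded with 12 zero bytes
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")


def review_transaction(calldata_hex, trusted=TRUSTED_SPENDERS):
    """Flag approvals that go to an unlisted spender or grant an unlimited allowance."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return {"is_approve": False, "spender": None, "warnings": []}
    spender, amount = decoded
    warnings = []
    if spender not in {t.lower() for t in trusted}:
        warnings.append("spender not in allowlist")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance")
    return {"is_approve": True, "spender": spender, "warnings": warnings}


if __name__ == "__main__":
    unknown = "0x" + "ab" * 20  # constructed address, not from the incident
    for tx in (build_approve(unknown, MAX_UINT256),
               build_approve("0x" + "11" * 20, 1000)):
        print(review_transaction(tx))
```

A check of this kind looks only at the transaction data, so it gives the same answer whichever website front end produced the request.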
ZachXBT, an anonymous on-chain investigator, revealed that the attacker took approximately $570,000. The attacker tried moving the funds via FixedFloat, a fully automatic cryptocurrency exchange on the Bitcoin Lightning Network.
However, the cryptocurrency exchange froze the transaction and recovered roughly $200,000 of the stolen funds.
TCPShield founder Steven Ferguson said:
“This did not appear to be a hijack at the registrar level, but rather systems at @iwantmyname compromised themselves.”
TCPShield is a Distributed Denial-of-Service (DDoS) protection platform.
Curve Finance is one of the leading decentralised exchanges in the world, with a total value locked (TVL) of over $6 billion.
DeFi protocols have continued to be a focus of hackers in recent months, with major attacks spread across various blockchains, including Solana, Ethereum and BNB Chain.