A report from Curve Finance and domain registrar “iwantmyname” states that the recent $570,000 exploit suffered by Curve Finance was the result of “DNS cache poisoning, not a compromise of the name server”.
The report clarifies that the platform was targeted through a compromise in the hosted DNS infrastructure. The attackers cloned server records to mimic the original servers, a technique known as DNS cache poisoning.
As a result, users are redirected to a page chosen by the attacker and, believing it is the original domain, use the site as usual.
Curve Finance said the change happened on August 9 at around 7 p.m. (UTC). Access was restored around 9 p.m. (UTC).
The platform said it was working with its external DNS platform provider to investigate this issue further, while also working on a plan to prevent similar attacks in the future.
In a tweet, Curve Finance said that this attack “STRONGLY suggests starting to move to ENS instead of DNS”, indicating that the Ethereum Name Service (ENS) is more secure than DNS.