DeFi Protocol Curve Finance loses $570,000 in DNS hack


The alleged hacker appears to have modified the protocol’s Domain Name System (DNS) entry to redirect the DNS point to another IP address which then added approval requests to a malicious smart contract in order to steal users’ funds.

Specifically, an illicit actor appears to have cloned Curve’s interface using a DNS spoofing method that resulted in all transactions made through the site being redirected to the hackers’ wallets. DNS spoofing is a type of attack in which hackers impersonate legitimate server destinations by impersonating another service in order to redirect users to the wrong website.

Curve Finance said the hack was the result of their DNS service provider iwantmyname being compromised, but the project has since changed its nameserver. A name server is a DNS server that translates domain names into IP addresses and routes traffic across the Internet. Name servers also store and organize DNS records, each of which associates a domain with one or more IP addresses.

Over $570,000 in funds were stolen, but the platform’s smart contract was unaffected as it was under a different domain name.

In response to the hack, the project said users should refrain from endorsing, exchanging, or using curve.fi or curve.exchange until protocol operators can locate the source of the attack. ‘feat.

The curve solves the exploitation of the site

An hour after the initial warning, the protocol operators confirmed that they had found the source of the problem and canceled the issue, asking users who had approved contracts on Curve at the time to revoke them “immediately”.

Although the issue was quickly resolved by the team, the protocol also advised users to use curve.exchange until curve.fi propagation returns to normal.

According to the International Data Corporation (IDC), 91% of financial institutions experienced at least one DNS attack last year, with industry damages amounting to nearly $1.1 million per attack. Overall, IDC found that phishing attacks (55%) and DNS-based malware (42%) were the most common attacks affecting the financial industry.

Previous Curve Finance hackers loot $570,000 via DNS hijacking
Next Meet the 2 IPS officers who have won international policing awards