Convex Finance reported a DNS attack

Convex Finance, a yield aggregating protocol built as a Curve staking platform, announced on its official Twitter account that its website DNS was hijacked yesterday “prompting users to approve malicious contracts for some interactions on the site". The team claimed that no users’ funds on verified contracts have been affected.

Investigation is still ongoing, but a quick update for the community:
- DNS for https://t.co/5rSUjMgY4u was hijacked, prompting users to approve malicious contracts for some interactions on the site.
- Funds on verified contracts are unaffected.

— Convex Finance (@ConvexFinance) June 23, 2022

This post came after a caution published by a Twitter user under the name of Alexintosh who has identified the malicious contract that the website asked to approve.

I don't what's happening but be 100% certain you approve exactly 0xF403C135812408BFbE8713b5A23a04b3D48AAE31

if you used @ConvexFinance make sure you did not approve: 0xF403a2c10B0B9feF8f0d4F931df5d86aD187AE31 https://t.co/QTsi6BV1Zj

— alexintosh.eth | I’m hiring (@Alexintosh) June 23, 2022

As of now, the issue has been fixed, but the investigation is ongoing. Convex has also set an alternate domain as a precaution for users, while the team is figuring out further steps. 

An alternate domain has been set-up as a precaution for Convex users.https://t.co/SlybjEAznp
andhttps://t.co/lMZL6Rm2FO

Users are encouraged to use these URLs to interact with the site while the investigation into the DNS hijack is conducted.

— Convex Finance (@ConvexFinance) June 24, 2022

Convex has also posted five addresses where malicious transactions have been approved and urged them to reach out to the Convex team as soon as possible.

As per DeFi Teller on-chain data, 203 transactions were confirmed on Convex Finance as of June 23, 2022.

DeFi Share This Article