Jun 24, 2022 Camille A. Hanard
Convex Finance reported a DNS attack
Convex Finance, a yield aggregating protocol built as a Curve staking platform, announced on its official Twitter account that its website DNS was hijacked yesterday “prompting users to approve malicious contracts for some interactions on the site". The team claimed that no users’ funds on verified contracts have been affected.
Investigation is still ongoing, but a quick update for the community:
— Convex Finance (@ConvexFinance) June 23, 2022
- DNS for https://t.co/5rSUjMgY4u was hijacked, prompting users to approve malicious contracts for some interactions on the site.
- Funds on verified contracts are unaffected.
This post came after a caution published by a Twitter user under the name of Alexintosh who has identified the malicious contract that the website asked to approve.
I don't what's happening but be 100% certain you approve exactly 0xF403C135812408BFbE8713b5A23a04b3D48AAE31
— alexintosh.eth | I’m hiring (@Alexintosh) June 23, 2022
if you used @ConvexFinance make sure you did not approve: 0xF403a2c10B0B9feF8f0d4F931df5d86aD187AE31 https://t.co/QTsi6BV1Zj
As of now, the issue has been fixed, but the investigation is ongoing. Convex has also set an alternate domain as a precaution for users, while the team is figuring out further steps.
An alternate domain has been set-up as a precaution for Convex users.https://t.co/SlybjEAznp
— Convex Finance (@ConvexFinance) June 24, 2022
andhttps://t.co/lMZL6Rm2FO
Users are encouraged to use these URLs to interact with the site while the investigation into the DNS hijack is conducted.
Convex has also posted five addresses where malicious transactions have been approved and urged them to reach out to the Convex team as soon as possible.
As per DeFi Teller on-chain data, 203 transactions were confirmed on Convex Finance as of June 23, 2022.