Aug 10, 2022 Frank Stewskid

Curve Finance got exploited through its DNS provider iwantmyname whose nameservers got hacked

Curve Finance's curve.fi website was exploited after its DNS was compromised. The Curve Finance team took to Twitter to warn its user base about the hack and urged the community to revoke any approvals they might have given to smart contracts they interacted with through the Curve.fi website during the last 24 hours. At first it was only known that the front-end of the platform had been compromised. It was later established that this was the result of a DNS hijacking attack, since the project's other website, curve.exchange, used by its exchange platform, remained unaffected and uses a different DNS provider.

Just an hour after the announcement of the exploit's discovery, the Curve team reassured its community that the attack had been dealt with and a fix had been issued. However, users who had approved any contract after interacting with Curve were once again urged to revoke these approvals. No details about how the name servers were compromised were shared, apart from the Curve Finance team's assumption that their DNS provider, iwantmyname, had most likely been hacked.

According to crypto researcher and self-proclaimed “2D detective” ZachXBT, the Curve.fi hack resulted in $570,000 stolen, and the attacker started transferring funds to the automatic cryptocurrency exchange FixedFloat.

At the same time, FixedFloat stated that its security department had frozen part of the funds transferred from the wallet address suspected to be related to the Curve attack, amounting to 112 ETH, and was waiting for further details. Moreover, the attacker was observed immediately swapping USDC to ETH, out of fear of being blacklisted by Circle, the issuer of the USDC stablecoin.

Other Twitter users were quick to note that the malicious smart contract was created on July 25, 2022, and that its creator was moving funds through the infamous cryptocurrency mixer Tornado Cash.

All Curve.fi issues have since been fixed and a post-mortem is expected to be released soon. 

Author:

Frank Stewskid

Last updated: Aug 10, 2022
