The massive DeFi liquidity pool, Curve.Finance, has been attacked. The equivalent of almost $570,000 in bitcoins was taken by the hackers.
The community has been made aware of the Curve front-end security flaw by one of Paradigm’s security experts, who has also advised users not to utilize the protocol right now.
A few minutes later, the Curve.Finance team issued a warning advising users not to use the curve.fi website and informing them that the site’s domain name system (DNS) had been hacked and that an investigation was continuing. This action validated the vulnerability.
In order to launch the cloned site, the hackers “cloned the site, redirected the DNS to their IP where the cloned site is deployed, and added approval requests to a fraudulent contract,” according to Lefteris Karapetsas, the creator of the open-source portfolio monitoring and accounting application Rotki. Users’ money were drained after they authorized the contract and were ignorant of the clone.
The curve.exchange website, according to Curve, was unaffected since it makes use of a different DNS service. Later, Protocol stated that the problem has been located and fixed and that all services ought to be operating normally.
“The issue has been found and revoked. If you have approved any contracts on Curve in the past few hours, please revoke them immediately. Please use curve.exchange for now until the spread for curve.fi returns to normal.”