Was Convex Finance targeted in the latest spoofing exploit

Please fol­low and like us:
Pin Share

Amid the broad­er mar­ket down­turn, 24 June was a rather unfor­get­table day for the cryp­to com­mu­ni­ty. After the Har­mo­ny Bridge was attacked for $100 mil­lion Con­vex Finance urged its users to be dili­gent in check­ing the address­es for con­tract approvals. Report­ed­ly, the web­site of Con­vex Finance was hijacked ear­li­er on 24 June.

“Need a hand here”

Curve’s Con­vex Finance is a DeFi pro­to­col built to reward liq­uid­i­ty providers. It also pro­vides addi­tion­al yields to those who stake Curve Finance’s native token, CRV. The pro­to­col suf­fered a DNS (Domain Name Sys­tem) hijacking.

It was tar­get­ed in the lat­est spoof­ing exploit. The hijack­ing prompt­ed users to accept and approve mali­cious con­tracts for some inter­ac­tions on the site. In fact, the attack was con­firmed by the Con­vex team via the fol­low­ing tweet,

The Con­vex team con­firmed the five address­es that approved these “mali­cious con­tracts.” They asked the own­ers of the fol­low­ing address­es to report via Twit­ter or Dis­cord chan­nels at the ear­li­est. The accounts list­ed in the tweet were,

  • 0x496e53c32a69a79a82ed85d2913010dd2f9d1b4f
  • 0x4ffc5f22770ab6046c8d66dabae3a9cd1e7a03e7
  • 0x5b186c93a50d3cb435fe2933427d36e6dc688e4b
  • 0x624301090700ea1e3c5b5224f89adfae405412c1
  • 0x92557b6ffa116b53cf2c3bc1d6d33f78d97ed4c9

While the inves­ti­ga­tion is still going on, no funds are affect­ed yet on the ver­i­fied con­tracts. In the wake of this alarm­ing issue, the Con­vex team then cre­at­ed an alter­nate domain as a pre­cau­tion­ary mea­sure for users. Until the post-mortem of the attack, the sites men­tioned below are being sug­gest­ed for safe pas­sage into the protocol.

Not the first one

The attack on Con­vex Finance comes on a day when $100 mil­lion in ETH was stolen from the Har­mo­ny Bridge hack. It is the lat­est cross-chain bridge to suf­fer a secu­ri­ty breach. This comes after Axie Infinity’s Ronin Bridge suf­fered a $600 mil­lion hack ear­li­er in March.



Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published. Required fields are marked *