Curve Finance Resolves Front-End Exploit After $570K Stolen

Curve Finance was the victim of a front-end exploit caused by a DNS issue. It has since resolved the exploit, and FixedFloat has frozen 112 Ethereum worth of stolen funds.

The Curve team believed a glitch led to the site’s nameserver being compromised. This was later confirmed, and in the interim, the team asked users to revoke any approved contracts.

Curve fixes the issue within hours

Curve Finance announced a few hours ago that updates had been sent out, and the platform was safe to use again. The team had pinpointed the issue fairly soon after it was discovered, asking users to use curve.exchange instead of curve.fi.

As for how the exploit came about, the team said that they did not know and that it was likely iwantmyname that got hacked.

An analysis of the exploit shows that whenever a user approved a transaction to spend any asset, the funds could be manually drained into a malicious externally owned account (EOA) instead.
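A wallet-side check for the approval pattern described above, as an added example that is not from Curve or the original article: it decodes ERC-20 approve() calldata before signing and flags a spender that is not on an allowlist, or an unlimited allowance. The allowlist, the helper names and every address are constructed placeholders; telling an EOA from a contract would additionally need an on-chain code lookup, which this offline sketch does not do.

```python
# Added example: pre-signing review of ERC-20 approve() calldata.
# All addresses are constructed placeholders, not values from the incident.

APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

# Hypothetical allowlist of contracts the user expects to approve.
TRUSTED_SPENDERS = {"0x" + "11" * 20}


def decode_approve(calldata_hex):
    """Return (spender, amount) for approve() calldata, or None otherwise."""
    try:
        data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    except ValueError:
        return None
    if len(data) != 4 + 32 + 32 or data[:4] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[4:36], data[36:68]
    if any(spender_word[:12]):  # an address is left-padded with 12 zero bytes
        return None
    return "0x" + spender_word[12:].hex(), int.from_bytes(amount_word, "big")


def review_approval(calldata_hex, trusted=TRUSTED_SPENDERS):
    """List reasons to refuse signing; an empty list means no finding."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return ["not a well-formed approve() call"]
    spender, amount = decoded
    findings = []
    if spender not in trusted:
        findings.append(f"spender {spender} is not on the allowlist")
    if amount == MAX_UINT256:
        findings.append("unlimited allowance requested")
    return findings


def build_approve(spender, amount):
    """Construct sample calldata for the demo (constructed input)."""
    word = bytes.fromhex(spender[2:]).rjust(32, b"\0")
    return "0x" + (APPROVE_SELECTOR + word + amount.to_bytes(32, "big")).hex()


if __name__ == "__main__":
    expected = build_approve("0x" + "11" * 20, 500 * 10**18)
    swapped = build_approve("0x" + "ee" * 20, MAX_UINT256)
    for name, tx in (("expected", expected), ("swapped", swapped)):
        print(name, review_approval(tx) or "ok")
```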

About $570,000 had been stolen. Others have also acted quickly on the matter, ensuring that the damage was limited to the initial thefts. FixedFloat froze 112 ETH of the stolen funds.

There have been several attacks on the DeFi market this year, and it is clear that attackers will use whatever means possible to exploit the most popular platforms. Bridge attacks, in particular, have become popular among attackers, and several of these have taken place in 2022.

The Ronin Bridge attack earlier this year saw over $620 million stolen, and the service only just relaunched, with the Axie Infinity developer having to reimburse victims. Most recently, the Nomad Bridge experienced an attack where hackers made away with nearly $200 million.

Most of these attacks have been because of centralization issues, according to a Certik report. While hacks can have a huge impact on projects and their reputation, it’s not always the case that they are rendered a failure forever. Many DeFi projects have successfully returned following an exploit or hack.
