Curve Finance Face $573K Hack and Warn Users Not to Interact

Curve Finance Face $573K Hack and Warn Users Not to Interact

Hackers strike again, this time targeting DeFi protocol Curve Finance.

Curve Finance, an automated market maker protocol established in 2020 by Michael Egorov, has been attacked by an unknown hacker

On August 9th, the company took to Twitter to warn its users about a possible hack of the company's site. In their initial tweet, Curve Finance noted that the arisen issues were affecting the service’s name server and frontend

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Web3? (Animated Explanation + Examples)

What is Web3? (Animated Explanation + Examples) What is Web3? (Animated Explanation + Examples)

In the Twitter thread, the company also noted that their exchange platform was working properly without any noticeable discrepancies. 

Shortly after that, the company shared another tweet stating that “the issue has been found and reverted”, warning users to “immediately” revoke their contracts, if they have approved any of them.

It seems that the hacker has changed the domain name system (DNS) protocol entry to a cloned version of the official Curve Finance site. While breaking down the hack, Twitter user DeFi Pontifexsaid said:

They provided the IP address of their own server and they created an identical web application. However, they deployed new smart contracts to steal money. Unaware users thought they were using @CurveFinance, but they were approving transactions that were stealing their funds.

Other companies, such as Assure DeFi, also used Twitter to warn their users about the ongoing attack, disclosing that the hacker has stolen $573,000

It also has been assumed that the hacker used the crypto exchange FixedFloat to transfer the stolen funds. After the company identified the hacker, it used Twitter to announce that its security team has frozen 112 ETH (worth around $191,000) as a part of the stolen funds. 

The hacker initially started transferring the stolen funds in batches of 45 ETH, then in amounts ranging from 20 to 22 ETH. 

In other news, back in June, Curve Finance announced the release of their new algorithm, which was supposed to ensure successful exchanges between volatile assets. 

Gile K. - Crypto Analyst

by Gile K. - Crypto Analyst, BitDegree