The Hack Is Back

Market Meditations | August 10, 2022

Curve Finance has always caught a little flack for their clunky user interface. Most users overlook the UI’s nostalgic look, considering it a nod to the simple idea that became one of the biggest DeFi exchanges in the market. Yesterday, their front end encountered another problem when a hacker began draining more than user funds.

  • Curve announced on Twitter that they had been made aware of an issue with their front end, and asked users not to interact with the contracts and revoke any recent permissions. According to their Twitter account, the issue is now resolved.
  • Upon investigation, the team discovered that a hacker cloned the website, redirecting would-be users to the malicious site. This type of hack, a Domain Name Server (DNS) spoof, is becoming more common. After directing users to the wrong IP address, the hacker added approval requests to a malicious contract.
  • Only $570,000 in user funds have been reported stolen, although any user who connected their wallet to the website was at risk.
  • The hacker attempted to move the stolen funds through Fixed Float, an exchange on the Bitcoin Lightning Network, but the exchange was able to freeze $200,000.

Some influencers on crypto Twitter question if this will ruin Curve’s reputation, but their quick response and minimal losses should shield them from the type of outrage that often comes from affected users. CZ, the founder of Binance tweeted about the hack, saying that no Web3 protocols should be using GoDaddy for DNS due to its lack of security.