DeFi Protocol Curve.Finance Gets Hacked and $570K Is Stolen
The source of the hack has been “found and reverted,” according to the protocol.
Aug 9, 2022 at 9:39 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/SN7FRBJPYZCVHOX5N4KHJ3LIAE.jpg)
(vlastas/iStock/Getty Images Plus)
Hackers plundered approximately $570,000 from decentralized finance (DeFi) protocol Curve.Finance, according to a screenshot of the protocol’s wallet shared on Twitter late Tuesday.
Shortly after that announcement, the protocol’s operators said via Telegram that they found the source of the problem and fixed it. “If you have approved any contracts on Curve in the past few hours, please revoke immediately,” they said. The protocol also advised users to use curve.exchange until the propagation of curve.fi reverts to normal.
Curve.Finance is an integral part of the DeFi ecosystem due to its CRV token rewards emissions, which serve as a source of income for several other protocols.
The suspected hacker appears to have changed the domain name system (DNS) entry for the protocol, forwarding users to a fake clone and approving a malicious contract. The program’s contract remained uncompromised, however.
In response to the hack, the protocol advised users in a Telegram message to refrain from using curve.fi or curve.exchange until the protocol’s operators locate the source of the exploit.
“We are becoming aware of a potential front end issue that is approving a bad contract,” the Telegram announcement read. “For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use curve.fi or curve.exchange.”
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/dcfcc5f4-a693-418d-a529-bb8e772f39d1.png)
Elizabeth Napolitano is a news reporter at CoinDesk.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.