Website of Decentralized Crypto Exchange Curve ‘Compromised’

Issue “found and reverted,” Curve says in latest tweet after investigation

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Curve.Exchange uses a different domain name system provider and seems to be unaffected
  • Twitter account foobar claimed at about 4:30 pm ET that roughly $570,000 worth of tokens had been stolen so far

The main website of decentralized digital asset exchange Curve Finance has been compromised in what appears to be the latest instance of a nefarious crypto exploit. 

The issue was “found and reverted,” Curve tweeted at 5:28 pm ET, pointing to this address as the contract that users should revoke.

“If you have approved any contracts on Curve in the past few hours, please revoke immediately,” it wrote.

The firm warned users it’s looking into an apparent nameserver attack, saying its website should be avoided. It wasn’t immediately clear whether any funds had been compromised. 

“Don’t use http://curve.fi site – nameserver is compromised,” the company wrote in a tweet Tuesday. “Investigation is ongoing: likely the NS itself has a problem.”

In a subsequent tweet, Curve said that Curve.Exchange uses a different domain name system provider and seems to be unaffected, though noted that users still “need to proceed with caution.”

Curve urged domain registrar iwantmyname to “please do something” at 5:22 pm ET.

“We switched nameserver, but don’t rush to use http://curve.fi – wait a bit,” the decentralized exchange added.

Twitter account foobar claimed at about 4:30 pm ET that roughly $570,000 worth of tokens had been stolen so far, pointing to this address

Loading Tweet..

The incident comes after a hacker produced a phishing pop-up on Polygon and Fantom last month warning users their funds were at risk and urging them to enter their private account keys.

That hacker accessed Polygon and Fantom’s remote procedure call (RPC) interfaces through the Web3 infrastructure platform Ankr by tricking a third party domain name system (DNS) provider into giving the hacker access to Polygon and Fantom’s domains.

This is a developing story.

Updated Aug. 9, 2022, 5:52 pm


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Top Icon.png

Research

Osmosis thrived in H2 2023 on the back of increased DeFi activity deriving from recently launched Cosmos-related projects and better market conditions. With new value accrual mechanisms for the native token, Osmosis is well-positioned to continue its strong performance in 2024.

/

article-image

Do Kwon may miss the start of the March 25 trial in the SEC’s case against the former executive and Terraform Labs

article-image

Riot Platforms bought 31,500 more mining machines while CleanSpark has begun operating in Mississippi

article-image

Dencun was activated on all testnets, a blog post Tuesday said

article-image

Hut 8 also announced it broke ground on a Texas mining site

article-image

Uniswap aims to become a “complete platform for swapping” following its latest product releases

article-image

Continued demand for bitcoin ETFs coupled with greater demand for bitcoin from exchanges is contributing to price moves, analysts say