Curve Finance Gives Update After $570,000 Worth of Ethereum (ETH) Goes Missing in Suspected Exploit

by George Georgiev
7 ways to make with crypto

Curve Finance Gives Update After $570,000 Worth of Ethereum (ETH) Goes Missing in Suspected Exploit

Curve Finance says that an issue with their website has been fixed and reverted after $570,000 in Ethereum (ETH) went missing. 

The decentralized exchange and automated market maker (AMM) first warned its users not to use the front end of its website Curve.fi yesterday afternoon after it detected that its nameserver was compromised.

“Don’t use curve.fi site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem.”

It also alerted its domain manager of the issue. 

“Dear @iwantmyname, looks like something is compromised on your side (most likely, name servers – they seem to override what the UI tells them to serve). Please do something. For everyone else: we switched nameserver, but don’t rush to use curve.fi – wait a bit.”

The platform managed to identify and resolve the issue but urged users to take precautionary actions to protect their accounts from getting compromised. 

“The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use curve.exchange for now until the propagation for curve.fi reverts to normal.”

Curve Finance told users to immediately revoke approvals for the malicious contract involved in the DNS hijacking event.

“The contract that needs to be revoked is: 0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881 If you have approved it please revoke it immediately on/revoke.cash.”

Pseudonymous developer Foobar tells his 66,400 Twitter followers that the exploit led to the theft of at least $570,000 worth of Ethereum tokens. 

“Around $570k worth of tokens stolen so far, first victim was 90 minutes ago.”

Curve Finance Gives Update After $570,000 Worth of Ethereum (ETH) Goes Missing in Suspected Exploit

Source: 0xfoobar/Twitter

On-chain data showed the hacker using crypto exchange FixedFloat to siphon away some of the stolen ETH. According to the exchange, over 112 ETH were frozen to prevent the bad actor from going any further.

At time of writing, Curve Finance says it’s waiting for its DNS to update globally and that the best course of action is to continue using the curve.exchange domain.

Don’t Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inbox

Check Price Action

Follow us on Twitter, Facebook and Telegram

Surf The Daily Hodl Mix

7 ways to make money in crypto

You may also like

Leave a Comment

The latest news about crypto industry at Coingraph. Most recent news about bitcoin, altcoin, blockchain, mining, cryptocurrency prices and more.

 

Email: [email protected]

© 2022 Coingraph.org – All rights reserved.