DeFi Exchange Curve taber $570,000 i Frontend Hack

One after another, the web3 platforms are being exploited by hackers since the global crypto boom; one of the recent victims is the decentralized finance (DeFi) protocol Kurve.Finans. The thieves stole $570,000 from the exchange as its front end was compromised through an attack taking control of its nameserver.

Curve Finance is an Ethereum-based decentralized exchange and automated market maker (AMM) for trading stablecoins and wrapped digital assets such as wBTC and tBTC.

Update: The DeFi exchange has announced the issue has been fixed and says it is safe to use again. They also mindet the affected users to revoke the contract used for the exploitation.

Hvad skete der?

In a tweet, Samczsun, a researcher at Paradigm, reported that the Curve Finance front end has been compromised and advised users to not engage with the platform until the issue is resolved.

After receiving the report, Curve immediately bekræftet the exploit and warned users not to use the platform’s frontend. They also stated that the team is investigating. 

Accordingly, they found that the hackers compromised a Curve website or domain name to redirect unsuspecting users and their transactions to a malicious contract. Fortunately, the program’s contract remained uncompromised.

Subsequently, the protocol’s operators annoncerede via Telegram that they found the source of the problem and resolved it. 

“If you have approved any contracts on Curve in the past few hours, please revoke immediately,” Curve advised.

Further, the team also advised users to temporarily use curve.exchange until the propagation of curve.fi goes back to normal.

“We are becoming aware of a potential front end issue that is approving a bad contract. For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use curve.fi or kurve.udveksling,” the telegram announcement read.

On the other hand, Web3 on-chain sleuth Zachxbt revealed that the thieves stole $570,000 in ETH and sent it to the FixedFloat cryptocurrency exchange to launder the money.

To address this, FixedFloat stated that it had frozen 112 ETH ($191,088 or approximately ₱10,534,427.04) of the stolen funds.

Denne artikel er offentliggjort på BitPinas: DeFi Exchange Curve taber $570,000 i Frontend Hack

Disclaimer: BitPinas artikler og dets eksterne indhold er ikke økonomisk rådgivning. Holdet tjener til at levere uafhængige, upartiske nyheder for at give information til filippinsk krypto og videre.