Curve Finance Hacked, $570k Stolen!

Table Of Content

Share:

On Tuesday, 9th August, Curve Finance suffered from a DNS attack causing theft of a whooping $570,000+ USD. 

Curve Finance is a stablecoin decentralized exchange (DEX) that runs on the Ethereum blockchain. 

The attacker targeted the front end where the suspected hacker appears to have changed the domain name system (DNS) entry for the protocol, forwarding users to a fake clone website and approving a malicious contract. The program’s contract remained uncompromised, however.

The team behind the protocol noticed the issue and tweeted to warn the users about the exploit. 

A few hours after the exploit Curve again tweeted confirming both that they have found the issue and also reverted it. They also asked the user to immediately revert any contract they have approved on Curve prior. 

Curve explained that it was most likely that the DNS server provider Iwantmyname was hijacked. On the other hand, the exploit was going on, Twitter user LefterisJP speculated that the alleged attacker had likely utilized DNS spoofing to execute the exploit on the service. 

Other users quickly noticed and tweeted to warn the users that the alleged thief appears to have stolen more than $573,000 USD. 

Also read, GAMEFI: FUTURE OF GAMING OR SHORT-LIVED GIMMICK?

More Audits

Blockchain Trilemma: The Three Fighting Factors

Blockchain Trilemma - coined by Vitalik Buterin himself, is a condition in which the blockchain undergoes a compromising stage. It is truly believed that a fully decentralized network can never be scalable and secured at the same time.

SAFEMOON - March 29, 2023

Safemoon suffered an attack in which the SFM/BNB pool was drained, resulting in a loss of $8.9M worth of ‘locked LP’. The attack was carried out by exploiting a vulnerability in the new Safemoon contract that allowed anyone to burn SFM tokens from any address, thus inflating the price of SFM tokens in the pool.

Cream Finance Hack: What Motivates Hackers to Return Stolen Funds?

From an outsider’s perspective, returning millions of dollars worth of funds after successfully pulling off a complicated exploit is, at best, admirable, and at worst, foolish. What could be the motivation behind such a decision?

Dforce Network - February 13, 2023

The attack on dForce network had significant consequences for the platform and its users. By exploiting a reentrancy vulnerability in the wstETH/ETH pool on Curve and the dForce wstETH/ETH Vault, the attacker was able to manipulate the virtual price of the pool, which in turn affected the oracle used by the dForce wstETH/ETH Vault

ZeroLiquid Protocol - Audit Report

BlockApex (Auditor) was contracted by ZeroLiquid (Client) to conduct a Smart Contract Audit/ Code Review. This document presents the findings of our analysis, which started on 11th July ‘2023.

Pickle Finance Hack Analysis & POC (Nov 21st, 2021)

On 21sth November 2021, Pickle finance was hacked, where an attacker was able to drain $19M DAI from the pDai jar. The attack exploited multiple inconsistencies & flaws in the logic of the pickle jar contract.

Phase Protocol Audit Report

Phase Protocol is a NFT Marketplace infrastructure built on Solana Protocol, a reliable and scalable L1 solution. The on-chain Fundraising solution offered by DedMonke provides a crowdfunding experience to DeFi users.

Rain Protocol Audit Report

Rain Protocol lets you build web3 economies at any scale.Rain scripts are a combination of low level functions (opcodes) like addition and subtraction and very high level functions like fetching an ERC20 balance at a given snapshot ID (Open Zeppelin), or fetching a chainlink oracle price.

Your Data, Your Rules: The Blockchain Way

Data has become the vigor of the digital age, powering industries, economies, and societies worldwide. Whether personal information, financial records, intellectual property, or trade secrets, data is the driving force behind decision-making, innovation, and business operations. However, data security has emerged as a paramount concern with the increasing digitization of our lives and businesses.

1 2 3 11
Designed & Developed by: 
All rights reserved. Copyright 2023