According to the team’s statement on Twitter, it appears that the bug found in the Curve Finance protokol je popravljen after a hacker attack.
Updates should have propagated for https://t.co/vOeMYOTq0l everywhere by now, which means it should be safe to use
- Curve Finance (@CurveFinance) Avgust 10, 2022
What happened to Curve Finance
Yesterday morning, the DeFi project had been attacked, as stated by the Paradigm researcher in a social media post:
???@CurveFinance frontend je kompromitovan, nemojte ga koristiti do daljnjeg!
- samczsun (@samczsun) Avgust 9, 2022
In essence, a hacker had hijacked the website’s Domain Name Service (DNS) and those who interacted with the homepage by logging into Curve had their MetaMask wallet emptied of their funds.
The Curve team immediately alerted users, urging them to use a different link to access the platform.
Problem je pronađen i vraćen. Ako ste odobrili bilo koji ugovor na Curveu u proteklih nekoliko sati, molimo vas da ga odmah opozovete. Molimo koristite https://t.co/6ZFhcToWoJ za sada do propagacije za https://t.co/vOeMYOTq0l vraća u normalu
- Curve Finance (@CurveFinance) Avgust 9, 2022
CZ Zhaopeng, the CEO of Binance, had also warned users on Twitter:
Curve. finansijama je otet DNS u proteklih sat vremena. Haker je stavio zlonamerni ugovor na početnu stranicu. Kada bi žrtva odobrila ugovor, to bi ispraznilo novčanik. Šteta je do sada oko 570 hiljada dolara. Pratimo.
- CZ? Binance (@cz_binance) Avgust 9, 2022
In fact, the Curve DAO token is listed on the exchange. At the time of writing this article, CRV is losing 4%, according to CoinMarketCap data, while it has lost as much as 83% in trading volume over the past 24 hours.
According to ZachXBT, an anonymous investigator of what is happening on-chain, the hacker reportedly managed to steal $570,000, which was allegedly moved to FixedFloat, a Bitcoin exchange based on the Lightning Network second layer.
Looks like $570k stolen
0x50f9202e0f1c1577822BD67193960B213CD2f331 pic.twitter.com/IG6nIKVv59
— ZachXBT (@zachxbt) Avgust 9, 2022
The exchange, after being alerted, managed to block some of the funds, namely $200,000.
Curve Finance is one of the most well-known DeFi projects with a Total Value Locked (TVL) of čak 6 milijardi dolara. Notably, Curve stands as the drugi većina polovan protocol in decentralized finance, after proizvođač.
Hacker attacks against DeFi
Unfortunately, bugs and hacker attacks against decentralized finance protocols are quite commonplace.
In early August it was the turn of nomad, a cross-chain bridge, which had seen hackers steal about $200 million.
U kasno Jun hackers had also stolen $100 million in Ethereum from the Harmony ecosystem.
In April, CoinMarketCap itself had also lost $130,000 in a phishing attack.
To avoid nasty surprises, the experts’ advice is always to double-check that the site or platform with which people interact with their wallet is the official one and not to click on links received via email or SMS.
Source: https://en.cryptonomist.ch/2022/08/10/curve-fixed-bug-caused-hacker-attack/