Curve Finance Loses Over $520K After DNS Hijack

HomeDeFi
Share this article
Subscribe for weekly updates
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end. The perpetrator took control over curve.fi website's nameserver and stole at least $520K in just a few minutes after carrying out the attack.

The attack occurred just over a week after the exchange platform deployed the AAVE pool. Lefteris Karapetsas, the founder of security application Rotikapp, claims the attack was carried out by hijacking DNS; the hacker cloned Curve Finance's website and hacked the DNS to redirect to the fake website, where they added approval requests to their tampered contract.

Lefteris links the contract and claims that within an hour and a half, the perpetrator was able to launder $500K as ETH and $20K as other tokens.

In response, Curve Finance has changed its nameserver but cautions users to avoid using it yet and asks them to revoke any contracts made in the past few hours on the platform's front end using revoke.cash.

Written by
Ayush Pande

The firm behind the CRV token, Curve Finance, became the latest victim of hacking when a DNS hijack compromised its front end. The perpetrator took control over curve.fi website's nameserver and stole at least $520K in just a few minutes after carrying out the attack.

The attack occurred just over a week after the exchange platform deployed the AAVE pool. Lefteris Karapetsas, the founder of security application Rotikapp, claims the attack was carried out by hijacking DNS; the hacker cloned Curve Finance's website and hacked the DNS to redirect to the fake website, where they added approval requests to their tampered contract.

Lefteris links the contract and claims that within an hour and a half, the perpetrator was able to launder $500K as ETH and $20K as other tokens.

In response, Curve Finance has changed its nameserver but cautions users to avoid using it yet and asks them to revoke any contracts made in the past few hours on the platform's front end using revoke.cash.

Written by
Ayush Pande