Curve Finance says that an issue with their website has been fixed and reverted after $570,000 in Ethereum () went missing.
The decentralized exchange and automated market maker (AMM) first its users not to use the front end of its website Curve.fi yesterday afternoon after it detected that its nameserver was compromised.
“Don’t use curve.fi site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem.”
It also alerted its domain manager of the issue.
“Dear @iwantmyname, looks like something is compromised on your side (most likely, name servers – they seem to override what the UI tells them to serve). Please do something. For everyone else: we switched nameserver, but don’t rush to use curve.fi – wait a bit.”
The platform managed to identify and resolve the issue but users to take precautionary actions to protect their accounts from getting compromised.
“The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use curve.exchange for now until the propagation for curve.fi reverts to normal.”
Curve Finance users to immediately revoke approvals for the malicious contract involved in the DNS hijacking event.
“The contract that needs to be revoked is: 0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881 If you have approved it please revoke it immediately on/revoke.cash.”
Pseudonymous developer Foobar his 66,400 Twitter followers that the exploit led to the theft of at least $570,000 worth of Ethereum tokens.
“Around $570k worth of tokens stolen so far, first victim was 90 minutes ago.”
On-chain data showed the hacker using crypto exchange FixedFloat to siphon away some of the stolen ETH. According to the exchange, over 112 ETH were to prevent the bad actor from going any further.
At time of writing, Curve Finance it’s waiting for its DNS to update globally and that the best course of action is to continue using the curve.exchange domain.
