Hackers continue to search for weaknesses in popular decentralized finance protocols, and Curve Finance is the latest platform to fend off an attack. On Tuesday the popular decentralized stablecoin exchange fell victim to a domain name system hijack in which hackers briefly took control of the project’s homepage. The exchange posted a tweet on Tuesday warning users to refrain from using the website due to the front page being compromised after several users reported a change in the nameserver. The attack appears to have been isolated to the front page of the platform, leaving its backend exchange which uses a completely different DNS unaffected.
Users who attempted to interact with the compromised front page were redirected to a page controlled by the hackers, where the funds held in their wallet were subsequently drained. It is estimated that a total of 605,000 USDC and 6,500 were stolen in the hack before Curve could fix the vulnerability, which the hackers immediately converted to 363 Ether in an attempt to avoid having the USDC frozen by authorities. FixedFloat managed to freeze 112 of the stolen ETH and provided 1 BTC address, 1 BSC address and 1 LTC address where the hackers withdrew the remaining stolen funds. An additional 20 ETH was deposited to a Binance hot wallet while an unknown exchange hot wallet received 23 ETH.
The blockchain analytics firm Elliptic is currently tracking all wallet addresses associated with the hack and will inform the crypto community of any important updates.
Source: Jordan Finneseth | Kitco News