Curve Finance fixes site bug, tells users to cancel recent contracts

Users claim that over $573,000 USD was stolen as a result of an exploit of the Curve Finance website's front end.

Automated market creator Curve Finance used Twitter on Tuesday to alert users of a vulnerability on its platform. The protocol's developers observed that the problem, which seemed to be a malicious actor's attack, was affecting the service's nameserver and frontend.

Don't use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem

— Curve Finance (@CurveFinance) August 9, 2022

Using a different domain name system (DNS) provider, Curve said through Twitter that their exchange, a separate product, appeared to be untouched by the hack.

But the team moved fast to solve the problem. After issuing the original warning, Curve announced that it had discovered and fixed the problem and advised customers to “immediately” withdraw any contracts they have just approved.

The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal

— Curve Finance (@CurveFinance) August 9, 2022

Iwantmyname, a provider of DNS servers, was most likely compromised, according to Curve, who also stated that the company has since changed its nameserver.

Like a directory, a nameserver converts domain names into IP addresses.

Twitter user LefterisJP predicted that the suspected attacker had most likely used DNS spoofing to carry out the exploit on the service while it was still active:

looks as usual to me? how can one tell it is compromised? pic.twitter.com/79205EZeZW

— manner_teacher (@manner_teacher) August 9, 2022

The alert was promptly shared on Twitter by other DeFi industry members, some of whom noted that the alleged theft appeared to have totaled more than $573,000 USD.

Alert to all @CurveFinance users, their frontend has been compromised!

Do not interact with it until further notice!

It appears around $570k stolen so far 🙄#defi #crypto $crv

— Assure DeFi (@AssureDefi) August 9, 2022

Analysts said they were favorably evaluating Curve Finance back in July, despite the market downturn that is still having an impact on the bigger DeFi business. Researchers at Delphi Digital especially mentioned the platform's yield potential, the demand for Curve DAO Token (CRV) deposits, and the protocol's revenue creation via stablecoin liquidity as grounds for their optimism.

This came after the platform's June publication of a brand-new “algorithm for exchanging volatile assets” that promised to enable low-slippage swaps between “volatile” assets. These pools combine a bonding curve approach, previously used by well-known automated market makers like Uniswap, with internal oracles that rely on exponential moving averages (EMAs).