{"id":33263,"date":"2022-08-12T07:21:54","date_gmt":"2022-08-12T11:21:54","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=33263"},"modified":"2022-08-12T07:21:56","modified_gmt":"2022-08-12T11:21:56","slug":"attackers-hijack-curve-finance-dns-steal-570k","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/attackers-hijack-curve-finance-dns-steal-570k\/","title":{"rendered":"Attackers Hijack Curve Finance DNS, Steal $570K"},"content":{"rendered":"\n<h5 class=\"wp-block-heading\" id=\"h-decentralized-crypto-exchange-curve-finance-discovered-its-dns-was-being-hijacked-in-another-significant-security-breach-in-the-cryptocurrency-world\">Decentralized crypto exchange Curve Finance discovered its DNS was being hijacked in another significant security breach in the cryptocurrency world.<\/h5>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/08\/image-54.png\" alt=\"Attackers Hijack Curve Finance DNS, Steal $570K\" class=\"wp-image-33280\" width=\"506\" height=\"320\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/08\/image-54.png 269w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/08\/image-54-150x95.png 150w\" sizes=\"(max-width: 506px) 100vw, 506px\" \/><figcaption>Attackers Hijack Curve Finance DNS, Steal $570K<\/figcaption><\/figure>\n\n\n\n<p>On the main page, the hackers were able to insert a fraudulent contract that, if accepted by the victim, would entirely empty the user's wallets. The attackers took more than 570K from user wallets on Curve Finance, according to <a href=\"https:\/\/coinscreed.com\/staging\/binance-founder-changpeng-zhao-says-us-crypto-exchange-will-go-public-in-three-years.html\" target=\"_blank\" rel=\"noreferrer noopener\">Changpeng Zhao<\/a>, CEO of Binance. Moreover, CZ wrote:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\" id=\"h-they-use-godaddy-for-dns-which-is-insecure-no-web3-projects-should-use-that-very-susceptible-to-social-engineering\"><p>They use GoDaddy for DNS, which is insecure. No <a href=\"https:\/\/coinscreed.com\/staging\/list-of-best-web3-crypto-projects-to-invest-in.html\" target=\"_blank\" rel=\"noreferrer noopener\">web3 <\/a>projects should use that. Very susceptible to social engineering.<\/p><\/blockquote>\n\n\n\n<p>After becoming aware of the situation, the platform declared the curve.fi nameserver had been <a href=\"https:\/\/www.google.com\/search?q=Attackers+Hijack+Curve+Finance+DNS%2C+Steal+%24570K&rlz=1C1CHBF_enNG1007NG1008&oq=Attackers+Hijack+Curve+Finance+DNS%2C+Steal+%24570K&aqs=chrome..69i57j69i61.2777j0j9&sourceid=chrome&ie=UTF-8\" target=\"_blank\" rel=\"noreferrer noopener\">hacked<span class=\"wpil-link-icon\" title=\"Link goes to external site.\" style=\"margin: 0 0 0 5px;\"><svg width=\"24\" height=\"24\" style=\"height:16px; width:16px; fill:#000000; stroke:#000000; display:inline-block;\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" xmlns:svg=\"http:\/\/www.w3.org\/2000\/svg\"><g id=\"wpil-svg-outbound-7-icon-path\" fill=\"none\" clip-path=\"url(#clip0_31_188)\">\r\n                            <path d=\"M9.16724 14.8891L20.1672 3.88908\" stroke-linecap=\"round\"\/>\r\n                            <path d=\"M13.4497 3.53554L20.5208 3.53554L20.5208 10.6066\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/>\r\n                            <path d=\"M17.5 13.5L17.5 16.26C17.5 17.4179 17.5 17.9968 17.2675 18.4359C17.0799 18.7902 16.7902 19.0799 16.4359 19.2675C15.9968 19.5 15.4179 19.5 14.26 19.5L7.74 19.5C6.58213 19.5 6.0032 19.5 5.56414 19.2675C5.20983 19.0799 4.92007 18.7902 4.73247 18.4359C4.5 17.9968 4.5 17.4179 4.5 16.26L4.5 9.74C4.5 8.58213 4.5 8.0032 4.73247 7.56414C4.92007 7.20983 5.20982 6.92007 5.56414 6.73247C6.0032 6.5 6.58213 6.5 7.74 6.5L11 6.5\" stroke-linecap=\"round\"\/>\r\n                        <\/g>\r\n                        <defs>\r\n                            <clipPath id=\"clip0_31_188\">\r\n                                <rect fill=\"white\" height=\"24\" width=\"24\"\/>\r\n                            <\/clipPath>\r\n                        <\/defs><\/svg><\/span><\/a>. The curve.exchange, which uses a different DNS provider, seems to be unaffected, according to the statement.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-problem-is-fixed-and-reversed-via-curve-finance\">The Problem is Fixed and Reversed via Curve Finance<\/h2>\n\n\n\n<p>The platform also said that it has discovered the problem and fixed it in another tweet. It urged people to cancel any commitments right now.<\/p>\n\n\n\n<p>One of the most significant initiatives in the market for decentralized finance (DeFi) is Curve Finance. The protocol has more than $6 billion in deposits, according to the<a href=\"https:\/\/coinscreed.com\/staging\/ripple-exec-says-defi-needs-killer-app-to-advance-to-next-level.html\" target=\"_blank\" rel=\"noreferrer noopener\"> DeFi<\/a> Llama website tracker. Since the year's commencement, deposits totaled $24 billion, which represents a decrease. Due to the recent downturn in the <a href=\"https:\/\/coinscreed.com\/staging\/cryptocurrency-market-is-about-to-explode-says-celsius-ceo.html\" target=\"_blank\" rel=\"noreferrer noopener\">cryptocurrency market<\/a>, security attacks have increased.<\/p>\n\n\n\n<p>Due to the token rewards issuance of the <a href=\"https:\/\/coinscreed.com\/staging\/curve-token-crv-soars-17-after-terras-4pool-launch.html\" target=\"_blank\" rel=\"noreferrer noopener\">CRV tokens<\/a>, it has been seen as a crucial component of the DeFi ecosystem. The DeFi ecosystem's other protocols may make money off of this as well.<\/p>\n\n\n\n<p>The Curve DAO Token (CRV) has lost more than 10% of its value over the last day and is now at $1.27 with a $660 million market cap.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Decentralized crypto exchange Curve Finance discovered its DNS was being hijacked in another significant security breach in the cryptocurrency world. On the main page, the hackers were able to insert a fraudulent contract that, if accepted by the victim, would entirely empty the user&#8217;s wallets. The attackers took more than 570K from user wallets on [&hellip;]<\/p>\n","protected":false},"author":39,"featured_media":33280,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21,26],"tags":[5643,326,11067,10866],"class_list":["post-33263","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-cryptocurrencies","tag-defi-2","tag-binance","tag-curve-finance","tag-dns"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/08\/image-54.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/33263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/39"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=33263"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/33263\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/33280"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=33263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=33263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=33263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}