Defi Attacker Siphons $570,000 From Curve Finance, Crypto Exchange Fixedfloat Freezes 112 Ethereum

Meta description

Reports indicate that the Curve decentralized finance (defi) protocol was hacked for $570,000 in Ethereum after people noticed Curve’s front-end being exploited. The attackers then attempted to launder the funds through the Fixedfloat crypto exchange, and the trading platform team managed to freeze $200,000 of the stolen funds.

Curve Finance tapped for $570,000 – Fixedfloat Exchange freezes over $200,000, domain service blamed

Another challenge hack was discovered on August 9, when Paradigm researcher Samczsun tweeted that the Curve Finance interface has been compromised. Curve Finance confirmed the issue on Twitter and later the team was able to roll back the exploit found on the frontend. “The problem has been found and solved”, Curve said. “If you have approved any contracts on Curve in the past few hours, please revoke them immediately.”

When Curve was asked if the team could “go into detail on how the nameservers were compromised?” Curve replied“We don’t know that. Most likely, [iwantmyname.com] themselves have been hacked. The Chain Seeker Zachxbt reported that the hacker managed to get away with $570,000. The funds were sent to the Fixedfloat exchange powered by Bitcoin Lightning Network, and the exchange noted that the team managed to freeze some of the funds.

“Our security service has frozen part of the funds amounting to 112 [ether]. In order for our security department to fix what happened as soon as possible, please email us » Fixedfloat wrote. Steven Fergusonthe founder of Tcpshield, further verified that it is possible that the domain service iwantmyname.com has been hacked.

“On August 9 at 20:26 UTC, I received a ping regarding [Curve fi’s] frontend being compromised in what appears to be a nameserver hack at [iwantmyname.com]“said Ferguson. The founder of Tcpshield added:

This did not appear to be a hijacking at the registrar level, but rather systems at the registrar level. [iwantmyname.com] have compromised.

The Curve attack follows a slew of challenge hacks in recent weeks, as Solana-based Slope wallet was hacked, Crema Finance lost $8.7 million and Rari’s Fuse platform Capital was hacked for $80 million. Additionally, $1.3 billion was stolen in the first quarter of 2022 and most of the attacks stemmed from challenge projects this year.

Following the Curve attack, the Curve team was Tweeter walkthroughs on how users can revoke a smart contract. Once problems are detected and resolved, Curve Finance said: “Updates should have propagated for [Curve] everywhere now, which means it should be safe to use. Curve Finance today has $6.13 billion in total value locked (TVL), making it the fifth largest challenge protocol by TVL size.

Keywords in this story

$6.13 billion TVL, 2022 Defi Hacks, Crema Finance, Curve attack, Curve fi frontend, Curve hack, Curve team, Curve.fi, decentralized finance, Defi Hack, domain service, Fixedfloat, frozen eth, frozen funds, Hack, iwantmyname.com, Name Service, Steven Ferguson, Tcpshield, Zachxbt

What do you think of the Curve Finance hack that happened on August 9th? Let us know what you think about this topic in the comments section below.

Jamie Redman

Jamie Redman is the Chief Information Officer at Bitcoin.com News and a fintech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He is passionate about Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written over 5,700 articles for Bitcoin.com News about disruptive protocols emerging today.




Image credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. This is not a direct offer or the solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.