Alleged hacker altered protocol’s DNS record
DeFi Protocol curve finance has reported an exploit on their site. The alert was first raised by Paradigm researcher “Samzson”, who pointed out that the Curve Finance frontend had been compromised and, therefore, warned users against its use. The team behind the protocol immediately alerted users saying they were investigating the matter.
The problem, which seemed to be an attack on the service’s nameserver and frontend, was quickly identified by the team. Curve said through Twitter that their exchange appeared to be untouched by the hack as it uses a different domain name system (DNS) provider.
In addition, it warning that Iwantmyname, the DNS server provider, was compromised and its nameservers changed as a result.
In a Twitter post, Steven Ferguson, the founder of TCPshield, recounts what happened during the breach. The alleged hacker altered the protocol’s DNS record, redirecting users to a false clone and approving a malicious contract.
But the team moved quickly to solve the problem. After issuing the original warning, Curve announced that it had identified and fixed the problem and advised users to “immediately” withdraw any contracts they had just accepted. Also, it clarified which contract needed to be cancelled.
According to reports, over $570,000 were stolen in the brief attack.
