Curve Finance (CURVE) hacked – 570K of funds stolen

On Tuesday, Curve Finance warned its users about an attack on the frontend of the website. The attacker managed to grab over 570,000 worth of euros from Curve Finance users. The team at Curve quickly threw out an alert and the attack has since been defused.

- Advertisement -

Problem found and fixed

Not long after the problem was announced, Curve Finance informed us that the situation has already been rectified.

“The problem has been found and resolved. If you have approved contracts on Curve in the past few hours, please revoke them immediately. For now, use curve.exchange until curve.fi is working again as it should,” said Curve Finance with the message to revoke all contracts of the past hours.

According to Curve Finance themselves, the problems likely stem from the hack of their DNS server provider Iwantmyname. In response, Curve Finance switched to a different name server. A name server works like a directory or pipeline that translates domain names into IP addresses.

Why is a DNS hack dangerous?

A nameserver hack is dangerous because it allows hackers to use a clone of the website to make people feel like they are in a secure environment. The domain name and the look of the website are often almost completely correct, but all the information you enter goes straight to the hackers. People who connect their wallets at times like that run the risk of losing their assets.

It could also be that you enter a smart contract that the hackers then make some changes to. Without you realizing it, you then send your hard-earned crypto to the hackers, instead of the intended destination.

The situation has since been resolved for Curve Finance, but hacks like this can be deadly for a protocol like this. When trust in a party is gone within the crypto industry, things can move quickly.

- Advertisement -

‘Don’t trust, verify’

Which brings us to a statement that is central to this industry: “don’t trust, verify.” Don’t trust anything and always verify everything before sending a financial transaction. Especially when large sums of money are involved.

That’s a piece of ethos that’s a little trickier, especially in the DeFi world, than it is for bitcoin. Basically, with bitcoin, it’s pretty simple to verify everything before you send a transaction. If you’re running your own node, then you can be confident that everything is correct.

In the case of DeFi, that’s trickier. Even if you run an Ethereum node, in this case you still have to rely on a service provider like Curve Finance, which in turn also relies on several service providers.

- Advertisement -

In this case, it was a hack of Curve Finance’s domain name server, which the project itself can therefore not do much about. In principle, you could check all this, by always verifying the address of the website or, for example, testing some things on the website.

In practice, however, you see that many people do not do that, which in this case results in at least 570,000 euros in stolen assets.

Previous Articles:

- Advertisement -

Latest

Uniswap (UNI) Rebounds Above $6 After Brief Uptrend Breakdown

Uniswap's UNI token dropped below its key uptrend line following a failed hold above the $6.00 support level.High trading volumes accompanied the decline, including...

Michael Saylor Invites Joe Rogan to Discuss Bitcoin on Podcast

Michael Saylor has shown interest in discussing Bitcoin on The Joe Rogan Experience podcast.The idea has generated excitement in the Bitcoin community, with some...

Congress Debates Stablecoin Bill Amid Rising Bank and Crypto Tensions

U.S. lawmakers are moving forward with the Senate Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, with debates set to resume after...

American Engineer Drugged, Robbed in Sophisticated London Crypto Heist

An American software engineer lost approximately $123,000 in cryptocurrency after being drugged and robbed in London.The victim was targeted by an impersonator posing as...

Max Keiser Doubts New Bitcoin Treasuries’ Discipline in Bear Market

Bitcoin-focused companies are increasingly copying the treasury strategy used by Michael Saylor's Strategy.Max Keiser raised doubts about whether these newer companies can maintain commitment...

Must Read

10 Best Crypto Audiobooks You Don’t Want to Miss

So, you are getting tired of reading books and you want to switch to audiobooks that talk about cryptocurrencies. Well, today we are going...