The project’s developers said that they had already fixed the vulnerability

Hackers withdrew $570 000 from the Curve protocol

10.08.2022 - 10:25

215

2 min

What’s new? On August 9, hackers stole about 327 ETH (~$570 000 at the time of the hack) from Curve.Finance, a decentralized finance (DeFi) protocol. Representatives of the project announced this on Twitter, asking users to cancel all transactions that were open within a few hours before the hack. The developers later assured that they had discovered and fixed the vulnerability.

Details of the hack. According to Changpeng Zhao, head of cryptocurrency exchange Binance, the hacker changed the domain name system (DNS) record for the Curve protocol to redirect users to a fake site. After that, a special smart contract was created that was withdrawing all of the assets of the protocol’s customers.

After the hack, the hacker withdrew funds to the FixedFloat exchange, but the platform team was able to freeze part of the funds — 112 ETH (~$191 000)

Curve.Finance is a project launched in 2020 representing a decentralized exchange (DEX) and automated market maker (AMM) for trading stablecoins and wrapped digital assets such as wBTC and tBTC. The total value locked (TVL) as of August 10, 09:50 UTC is $6,01 billion, according to DefiLlama. The platform has the native token CRV with a market capitalization of $507,5 million, the current rate is $1,29 (-4,5% per day, according to Binance).

On July 23, Audius, a decentralized music service, was hacked, causing hackers to withdraw $6 million in cryptocurrency. Attackers changed certain configurations of a smart contract used by Audius’ governance system.

Author:

Vasiliy Smirnov Vasiliy Smirnov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy