Hackers withdrew $570 000 from the Curve protocol
The project’s developers said that they had already fixed the vulnerability
10.08.2022 - 10:25
319
2 min
0
What’s new? On August 9, hackers stole about 327 ETH (~$570 000 at the time of the hack) from Curve.Finance, a decentralized finance (DeFi) protocol. Representatives of the project announced this on Twitter, asking users to cancel all transactions that were open within a few hours before the hack. The developers later assured that they had discovered and fixed the vulnerability.
The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal— Curve Finance (@CurveFinance) August 9, 2022
Details of the hack. According to Changpeng Zhao, head of cryptocurrency exchange Binance, the hacker changed the domain name system (DNS) record for the Curve protocol to redirect users to a fake site. After that, a special smart contract was created that was withdrawing all of the assets of the protocol’s customers.
Curve. finance had their DNS hijacked in the past hour. Hacker put a malicious contract on the home page. When the victim approved the contract, it would drain the wallet. Damage is around $570k so far. We are monitoring.— CZ 🔶 Binance (@cz_binance) August 9, 2022
After the hack, the hacker withdrew funds to the FixedFloat exchange, but the platform team was able to freeze part of the funds — 112 ETH (~$191 000)
Our security department has frozen part of the funds in the amount of 112 ETH. In order for our security department to be able to sort out what happened as soon as possible, please email us: [email protected]— FixedFloat⚡️ (@FixedFloat) August 9, 2022
Curve.Finance is a project launched in 2020 representing a decentralized exchange (DEX) and automated market maker (AMM) for trading stablecoins and wrapped digital assets such as wBTC and tBTC. The total value locked (TVL) as of August 10, 09:50 UTC is $6,01 billion, according to DefiLlama. The platform has the native token CRV with a market capitalization of $507,5 million, the current rate is $1,29 (-4,5% per day, according to Binance).
On July 23, Audius, a decentralized music service, was hacked, causing hackers to withdraw $6 million in cryptocurrency. Attackers changed certain configurations of a smart contract used by Audius’ governance system.
Useful material?
Market
According to the founder of TRON, the leading US crypto exchange asked for several hundred million dollars for the listing of TRX
Nov 4, 2024
Incidents
The company conducted fictitious trading for six years to inflate the trading volume of tokens of several companies, receiving payment for these services
Nov 1, 2024
Market
1,5 million addresses have already left applications
Oct 31, 2024
Business
The company began investing in bitcoin in 2020, and since then, the value of its securities has risen by 1700%
Oct 30, 2024
Mining
The Deputy Energy Minister explained that in deficit regions, it is impossible to allocate large capacities for industry enterprises until 2030
Oct 30, 2024
Market
Customers will also be able to withdraw funds to bank accounts using cards
Oct 30, 2024