Update: Curve has announced the issue has been fixed and says it is safe to use again.
The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal
— Curve Finance (@CurveFinance) August 9, 2022
Samczsun, a researcher at Paradigm, is reporting that the Curve Finance front end has been compromised, with over $500k stolen within a matter of minutes.
@CurveFinance frontend is compromised, do not use it until further notice!
— samczsun (@samczsun) August 9, 2022
The official Curve Finance Twitter has confirmed the news stating:
Don't use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ
— Curve Finance (@CurveFinance) August 9, 2022
The founder of Rotkiapp, Lefteris Karapetsas, theorized that “It’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.” Curve retweeted the theory in apparent support before following up with a further announcement;
Don't use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem
— Curve Finance (@CurveFinance) August 9, 2022
The post Curve Finance front end UI compromised in DNS hack – users advised not to interact appeared first on CryptoSlate.
Source: https://cryptoslate.com/curve-finance-front-end-ui-compromised-in-dns-hack-users-advised-not-to-interact/