Curve fixed the bug caused by a hacker attack

According to the team’s statement on Twitter, it appears that the bug found in the Curve Finance protocol was fixed after a hacker attack.

What happened to Curve Finance

Yesterday morning, the DeFi project had been attacked, as stated by the Paradigm researcher in a social media post:

In essence, a hacker had hijacked the website’s Domain Name Service (DNS) and those who interacted with the homepage by logging into Curve had their MetaMask wallet emptied of their funds.

The Curve team immediately alerted users, urging them to use a different link to access the platform.

CZ Zhaopeng, the CEO of Binance, had also warned users on Twitter:

In fact, the Curve DAO token is listed on the exchange. At the time of writing this article, CRV is losing 4%, according to CoinMarketCap data, while it has lost as much as 83% in trading volume over the past 24 hours.

According to ZachXBT, an anonymous investigator of what is happening on-chain, the hacker reportedly managed to steal $570,000, which was allegedly moved to FixedFloat, a Bitcoin exchange based on the Lightning Network second layer. 

The exchange, after being alerted, managed to block some of the funds, namely $200,000.

Curve Finance is one of the most well-known DeFi projects with a Total Value Locked (TVL) of as much as $6 billion. Notably, Curve stands as the second most used protocol in decentralized finance, after Maker.

Hacker attacks against DeFi

Unfortunately, bugs and hacker attacks against decentralized finance protocols are quite commonplace.

In early August it was the turn of Nomad, a cross-chain bridge, which had seen hackers steal about $200 million.

In late June hackers had also stolen $100 million in Ethereum from the Harmony ecosystem.

In April, CoinMarketCap itself had also lost $130,000 in a phishing attack.

To avoid nasty surprises, the experts’ advice is always to double-check that the site or platform with which people interact with their wallet is the official one and not to click on links received via email or SMS.


Source: https://en.cryptonomist.ch/2022/08/10/curve-fixed-bug-caused-hacker-attack/