According to users, the site’s front-end exploit appears to have resulted in theft of more than $573,000.
On Tuesday, automated market maker Curve Finance took to Twitter to warn users of a vulnerability on its site. The team behind the protocol noted that the issue, which appears to be a malicious attack, affects the nameserver and front end of the service.
Curve stated on Twitter that the exchange, which is a separate product, was not affected by the attack because it uses a different Domain Name System (DNS) provider.
However, the problem was quickly resolved by the team. An hour after the initial warning, Curve said it found and fixed the problem, instructing users who had accepted any contracts on Curve in the past few hours to “immediately” void contracts.
It is likely that DNS server provider Iwantmyname was hacked, Curve added, adding that he later changed the nameserver.
The nameserver acts like a directory that translates domain names into IP addresses.
While the exploit was still ongoing, Twitter user LefterisJP speculated that the alleged attacker most likely used DNS spoofing to apply the exploit to the service:
Other participants in the DeFi space quickly took to Twitter to spread the warning to their followers, with some stating that the alleged thief stole more than $573,000.
Last July, analysts said they had a positive outlook on Curve Finance, although the market downturn continued to affect the broader DeFi space. Delphi Digital researchers cited the platform’s revenue opportunities, demand for Curve DAO Token (CRV) deposits, and the protocol’s revenue from stablecoin liquidity as reasons for their optimism.
This follows the platform’s launch in June of a “new algorithm for exchanging volatile assets” that promises to allow low-slip swaps between “volatile” assets. These aggregators use a combination of internal prophecies based on the Exponential Moving Averages (EMAs) and the Correlation Curve Model, previously published by popular auto market makers like Uniswap.
Update: Added an announcement from Curve Finance that the issue has been resolved, stating that the potential culprit for the exploit is their nameservers.