Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Bitcoin Security The Almighty Buck

Curve Finance Front End UI Compromised In DNS Hack (cointelegraph.com) 12

According to researcher samczsun at Paradigm, Curve Finance has had its front end compromised, with over $500K stolen within a matter of minutes. The automated market maker is warning users to exercise caution when interacting with the site. Binance CEO Changpeng Zhao also shared the news and is monitoring the situation. CoinTelegraph reports: Curve stated via Twitter that its exchange -- which is a separate product -- appeared to be unaffected by the attack, as it uses a different DNS provider. Twitter user LefterisJP speculated that the alleged attacker had likely utilized DNS spoofing to execute the exploit on the service: "It's DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract."

Other participants in the DeFi space quickly took to Twitter to spread the warning to their own followers, with some noting that the alleged thief appears to have stolen more than $573K USD at time of publication: "Alert to all @CurveFinance users, their frontend has been compromised! Do not interact with it until further notice! It appears around $570k stolen so far."

This discussion has been archived. No new comments can be posted.

Curve Finance Front End UI Compromised In DNS Hack

Comments Filter:
  • by Fly Swatter ( 30498 ) on Tuesday August 09, 2022 @05:52PM (#62776126) Homepage
    I almost typed that with a straight face.
    • Good one. I laughed too.

      Who would have thought that poorly regulated or unregulated financial markets would be such a shit show?

      Have none of these people ever read a history book? We've done this before and it was a disaster the first time around.

      • by znrt ( 2424692 )

        i nearly chocked on "frontend compromised". i doesn't get more lame than that, whoever "curve finance" is they can't be trusted to run a basic website, not to mention other people's hard earned cash. let the show go on, though, in these dire times of need we need more entertainment than ever.

        • I'm not really sure what "frontend compromised" means. Maybe the guys at Curve Finance are a bit unsure too.
  • The automated market maker is warning users to exercise caution when interacting with the site.

    By all means, DON'T take the site offline until you get your shit together. Make it the victim's problem by "warning" them.

    • The automated market maker is warning users to exercise caution when interacting with the site.

      By all means, DON'T take the site offline until you get your shit together. Make it the victim's problem by "warning" them.

      If the attackers put up a spoofed site and pointed the DNS to it, taking the real site down won't do anything.

      • Except make it easy to know that the site you're on is the spoofed one since the real one is down.

        • Except make it easy to know that the site you're on is the spoofed one since the real one is down.

          If you already knew that the real one was down, why in the world would you be going to it in the first place?

      • Wouldn't certificates have been involved? The whole point of those things is to (allegedly) fix DNS attacks. How were they bypassed?
  • by gosso920 ( 6330142 ) on Tuesday August 09, 2022 @09:13PM (#62776494)
    ... they're behind the Curve.

Real Users find the one combination of bizarre input values that shuts down the system for days.

Working...