DeFi Protocol Curve Finance Exploited in DNS Spoofing Attack
Curve Finance’s front end this week fell victim to an exploit that ended with a loss of more than US$573,000. Curve took to Twitter to warn its users of the issue with its site, though luckily the spoofing exploit did not affect the Curve exchange.
Exploiting the Curve
On August 9, Twitter user @samczsun alerted the public to the exploit with a tweet that read: “@CurveFinance frontend is compromised, do not use it until further notice!” Despite the Curve team’s quick response to the issue, they were unable to prevent the loss.
The hacker(s) responsible seemingly altered the protocol’s domain name system (DNS) configuration, which directed users to a fake clone of the site where they were asked to approve a malicious contract. In a stroke of luck for Curve, the program’s exchange remained uncompromised, as it utilises a separate DNS provider.
An hour after the initial warning of the exploit, Curve tweeted:
While a significant sum was lost, the quick circulation of information on Twitter regarding the attack on the nameserver and front end may have prevented greater losses.
The Curve decentralised finance (DeFi) protocol is an integral part of the DeFi ecosystem, and exploits such as this prevent other protocols from accessing income sources.
Protocol Exploits Elsewhere
DeFi protocol exploits have proliferated in 2022, with two notable examples occurring in May and June. The first victim was the Fortress protocol, with the crypto borrowing and lending platform losing approximately US$3 million in stolen funds. The Binance Smart Chain (BSC)-based platform had suffered an oracle attack only days prior.
More recently, Terra-based DeFi app Mirror Protocol was the subject of a US$2 million exploit related to Terra blockchain’s recent rebrand to Terra Classic. The exploit almost completely drained the mBTC, mGLXY, mETH, and mDOT pools. Luckily, the developers were able to patch the issue before all pools could be drained.