Over $530k was stolen from Curve Finance Tuesday after a hacker took control of the nameserver to redirect the DNS to a malicious server. The front end of the Curve website was cloned to trick users into believing they were interacting with a legitimate site.
Users were not able to identify the exploit because the SSL certificate, domain name, and website content were identical to the real version of the site. The correct IP for Curve's server has been released and information on how to check this can be found at the end of this article.
Within an hour, Curve had updated its Twitter account to point out the malicious contract that should be revoked from all users' wallets. The platform then issued a statement that it had found the issue and reverted it.
As of 7 PM GMT on August 10, Curve advises users to take additional precautions when interacting with its dApp. The issue has been resolved, but not all DNS records have been updated at this time. Users who understand how to verify an IP are safe to use the platform, and others should use curve.exchange in the meantime.
On Wednesday afternoon, Tether's CTO Paolo Ardoino commented on the hack, stating:
"This attack shows that the ingenuity of hackers poses a near- and ever-present danger to our industry. We applaud Curve for its ability to pinpoint the source of the hack, and speedily act. This is exactly how a protocol should react in a time when customers' funds are at risk."

How do I check if curve.fi resolves to the correct server?
For those who want to use Curve Finance, the following methods can be used to check which IP address the domain resolves to at your location.
If it does, then your current internet connection is resolving to the correct server for the domain.
Users are advised to use curve.exchange until the Curve team releases a further update to confirm all DNS records have propagated.
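
One way to run this check from a terminal, shown as an added example that is not part of the original article or Curve's own instructions: it asks the local resolver and several public resolvers for the A records of curve.fi and compares each answer with a known-good address. EXPECTED_IP is a placeholder from a documentation range and must be replaced with the address published by the Curve team; the resolver list and function names are assumptions.

```shell
#!/bin/sh
# Added example: compare resolver answers for a domain against a known-good IP.
DOMAIN="curve.fi"
EXPECTED_IP="192.0.2.10"            # PLACEHOLDER (RFC 5737 range), not Curve's real address
RESOLVERS="1.1.1.1 8.8.8.8 9.9.9.9" # assumption: public resolvers to sample

# classify EXPECTED [ANSWER...] -> prints OK, MISMATCH or NOANSWER.
# OK only when every returned A record equals the expected address.
classify() {
    expected=$1; shift
    [ $# -eq 0 ] && { echo NOANSWER; return; }
    for ip in "$@"; do
        [ "$ip" = "$expected" ] || { echo MISMATCH; return; }
    done
    echo OK
}

# a_records DOMAIN [RESOLVER] -> IPv4 answers, one per line.
# An empty RESOLVER means "whatever this machine is configured to use".
a_records() {
    if [ -n "${2:-}" ]; then
        dig +short +time=3 +tries=1 "@$2" "$1" A
    else
        dig +short +time=3 +tries=1 "$1" A
    fi | grep -E '^[0-9]+(\.[0-9]+){3}$'   # drop CNAME lines from +short output
}

# check_all -> one line per resolver; exit status 1 if any resolver disagrees.
check_all() {
    status=0
    for r in "" $RESOLVERS; do
        # Word splitting is intended here: each A record becomes one argument.
        verdict=$(classify "$EXPECTED_IP" $(a_records "$DOMAIN" "$r"))
        printf '%-10s %s\n' "${r:-local}" "$verdict"
        [ "$verdict" = OK ] || status=1
    done
    return $status
}

# Run the live check only when asked:  sh check_dns.sh --run
if [ "${1:-}" = "--run" ]; then check_all; fi
```

The "local" line is the one that reflects what a browser on this connection will reach; a MISMATCH or NOANSWER there means the updated record has not arrived yet. The result is only as trustworthy as the channel the expected address came from.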