Stablecoin trading service Curve Finance was exploited through its front end in the last 12 hours, possibly due to a DNS compromise, resulting in more than $573,000 being siphoned off from the victims.
The news was first tweeted by Paradigm researcher samczsun, who warned users not to use the protocol until further notice. Curve Finance retweeted samczsun, confirming the news.
The Curve team also hinted that the attacker possibly cloned the Curve site, pointed the domain's Domain Name System (DNS) records at the fraudulent copy, and then added approval requests for the malicious contract.
On-chain data show that a malicious contract is responsible for the exploit. The attacker stole more than $573,000 in USDC and DAI from eight different victims.
The funds were transferred to the attacker's wallet and swapped for ETH by sending them to crypto exchange FixedFloat, first in batches of 45 ETH, then in amounts ranging from 20 to 22 ETH.
The attacker had also sent tokens through Tornado Cash, a crypto mixer which was sanctioned by the U.S. Treasury Department just yesterday.
The team suggested that users use curve.exchange instead, as it was seemingly unaffected because it uses a separate DNS provider.
Curve Finance urged users to revoke Curve contracts they may have approved in the last few hours.