Curve Finance, behind the popular altcoin CRV, has warned its users of an exploit on its site. The team behind the protocol drew attention to what appears to be an attack by a malicious actor. He noted that the attack affected the name server and frontend of the service. In addition, Binance CEO Changpeng Zhao also shared some explanations about the situation. Here are the details…
“Abuse” warning for popular altcoin
Automated market maker Curve has faced an exploit on its website. He stated on Twitter that his exchange, which is a separate product, was not affected by the attack because it used a different domain name system (DNS) provider. However, the issue was quickly dealt with by the team. An hour after the initial alert, Curve said it had both found and fixed the problem. It prompted users who had confirmed any contracts on Curve in the past few hours to “immediately” cancel.
Most likely, the DNS server provider Iwantmyname has been hacked, Curve noted. He added that he later changed the nameserver. A name server works like a directory that translates domain names into IP addresses. As the exploit continued, Twitter user LefterisJP speculated that the alleged attacker used DNS spoofing to execute the exploit on the service. Other participants in the DeFi space quickly took to Twitter to spread the warning. Some, including Changpeng Zhao, stated that the thief stole more than $573,000.
Analysts were positive about CRV
In July, analysts suggested that they view Curve Finance positively despite the market decline that continues to affect the broader DeFi space. As cryptokoin.com reported, researchers at Delphi Digital cited the platform’s return opportunities, the demand for Curve DAO Token (CRV) deposits, and the protocol’s revenue from stablecoin liquidity, among the reasons cited for their rise.
This comes after the platform released a new “algorithm” in June that promises to allow low-diversity swaps between “volatile” assets. These pools use a combination of Exponential Moving Averages (EMAs) and internal oracles formerly deployed by popular auto market makers like Uniswap.
Binance CEO criticizes the service Curve Finance uses
Meanwhile, according to Binance CEO Changpeng Zhao, the attackers stole more than $570,000 from user wallets. CZ also said that the project uses “GoDaddy” for DNS and that it is “not secure”. “No web3 project should use it. It is very sensitive to social engineering,” he said. As a result, Curve Finance took notice. It said the “Curve.fi” nameserver was compromised. It also said that curve.exchange is not affected because it uses a different DNS provider.