Ethereum DeFi Exchange Curve Suffers Frontend Hack

Cybercriminals made off with $570,000 in Ethereum, some of it since frozen, before a fix was announced.

By Jason Nelson

2 min read

Attacks targeting blockchain companies show no sign of slowing down. Decentralized trading platform Curve Finance confirmed reports that its website had suffered a frontend attack on Tuesday.

"Don't use the frontend yet. Investigating!" Curve Finance tweeted.

Hackers apparently compromised a Curve website or domain name to redirect unwitting users or their transactions to a malicious destination.

According to Web3 on-chain sleuth, Zachxbt, the thieves made off with $570,000 in ETH, which they sent to the FixedFloat cryptocurrency exchange to launder the money.

FixedFloat said it had frozen 112 ETH, around $191,088, of the stolen funds.

"Our security department has frozen part of the funds in the amount of 112 ETH. In order for our security department to be able to sort out what happened as soon as possible, please email us: info@fixedfloat.com," FixedFloat tweeted.

Launched in 2020, Curve Finance is a decentralized exchange and automated market maker (AMM) for trading stablecoins and wrapped digital assets like wBTC and tBTC.

A few hours after its original notice, Curve Finance said the issue had been found and resolved.

“If you have approved any contracts on Curve in the past few hours, please revoke immediately,” the company warned, also advising its users to proceed cautiously. The curve.exchange website appeared unaffected, they reported, and uses a different domain name system or DNS than curve.fi.

 

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News