Curve Finance has more answers to this week’s $570,000 frontend attack

A recent report conducted with domain registrar company iwantmyname, the domain host for the decentralized exchange, indicated that Tuesday’s hack was a result of “DNS cache poisoning, not nameserver compromise.”

On August 9, Curve notified users that it had suffered a frontend attack where the nameserver, curve.fi, was compromised, leading to $570,000 of Ethereum (ETH) being stolen from users.

It reported that the platform was targeted through a compromise in the hosted domain name service infrastructure. Hackers cloned the records in the server to mimic the original server, known as DNS cache poisoning. 

This attack redirects users to a page of the attacker’s choosing, tricking people into thinking it is the original domain and using the site as usual. 

Beyond outlining the attack method, Curve also said that “What has happened strongly suggests to start moving to ENS instead of DNS,” referring to the crypto equivalent of DNS—a namesource that translates the IP address into the page for users—called the Ethereum Name Service.

Moving to ENS, as Curve suggested, will reportedly prevent such frontend hacks from happening in the future. 

Curve Finance has yet to respond to Decrypt’s inquiries on the matter.

What is Ethereum Name Service?

Etheruem Name Service, or ENS, has been made popular of late thanks to its ability to turn the long string of letters and numbers that is crypto addresses into human-readable addresses. 

Instead of that clunky crypto address, one could instead into something like “satoshi.eth” using ENS. And as you can imagine, that “.eth” suffix looks similar to the DNS-native “.com.” 

But insofar as the service exists on the Ethereum blockchain, it’s far more secure and potentially resilient to attacks like those suffered by Curve on Tuesday.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.