\n
![](\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvNzZkN2JlNWMtNDQ5ZS00NzdhLWJjMDEtYzhkY2M1NDJlM2E3LmpwZw==.jpg\")
<\/p>\n
\n<\/p>\n
On Tuesday, automated market maker Curve Finance took to Twitter to warn users of an exploit on its site. The team behind the protocol noted that the issue, which appeared to be an attack from a malicious actor, was affecting the service\u2019s nameserver and frontend.<\/p>\n
\nDon’t use https:\/\/t.co\/vOeMYOTq0l<\/a> site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem<\/p>\n
\u2014 Curve Finance (@CurveFinance) August 9, 2022<\/a><\/p><\/blockquote>\n
Curve stated<\/a> via Twitter that its exchange \u2014 which is a separate product \u2014 appeared to be unaffected by the attack, as it uses a different domain name system (DNS) provider.\u00a0<\/p>\n
However, the issue was quickly addressed by the team. An hour after the initial warning, Curve said it had both found and reverted the issue, directing users who have approved any contracts on Curve in the last few hours to revoke them \u201cimmediately.\u201d\u00a0<\/p>\n
\nThe issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https:\/\/t.co\/6ZFhcToWoJ<\/a> for now until the propagation for https:\/\/t.co\/vOeMYOTq0l<\/a> reverts to normal<\/p>\n
\u2014 Curve Finance (@CurveFinance) August 9, 2022<\/a><\/p><\/blockquote>\n
Curve noted that, most likely, the DNS server provider Iwantmyname was hacked, adding that it has subsequently changed its nameserver.\u00a0<\/p>\n
A nameserver works like a directory that translates domain names into IP addresses.\u00a0<\/p>\n
While the exploit was ongoing, Twitter user\u00a0LefterisJP\u00a0speculated that the alleged attacker had likely utilized DNS spoofing to execute the exploit on the service:<\/p>\n
\nIt’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.<\/p>\n
\u2014 Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP) August 9, 2022<\/a><\/p><\/blockquote>\n
Other participants in the DeFi space quickly took to Twitter to spread the warning to their own followers, with some noting that the alleged thief appears to have stolen more than $573,000 USD.<\/p>\n
\nAlert to all @CurveFinance<\/a> users, their frontend has been compromised!<\/p>\n
Do not interact with it until further notice!<\/p>\n
It appears around $570k stolen so far #defi<\/a> #crypto<\/a> $crv<\/a><\/p>\n
\u2014 Assure DeFi (@AssureDefi) August 9, 2022<\/a><\/p><\/blockquote>\n
Back in July, analysts suggested that they wer<\/a>e favorably eyeing Curve Finance<\/a>, despite the market downturn which continues to affect the larger DeFi space. Among the reasons cited by researchers at Delphi Digital for their bullishness, they specifically called out the platform’s yield opportunities, the demand for Curve DAO Token (CRV) deposits, and the protocol’s revenue generation from stablecoin liquidity.<\/p>\n