The Curve Finance website is directing users to approve a malicious contract.
Curve Finance, DeFi’s second-largest decentralized exchange with $6B in total value locked, has been hit by a frontend exploit.
As of 530pm ET, the issue has been resolved, according to the Curve team.
The Fixed Float exchange says it has frozen 112 ETH ($190,000) of the stolen funds.
Name Server Exploit
The protocol had earlier asked users not to interact with its website as the team investigates.
The exploit was flagged by Paradigm security researcher samczsun. The fake website directs users to approve a malicious contract, which is then able to drain assets from users’ wallets.
Blockchain sleuth zachxbt noted that around $570,000 worth of assets had been stolen as of 4:30pm ET, and that the pilfered funds are being sent to Fixed Float, a crypto exchange that uses Bitcoin’s Lightning network, according to its website.
UPDATED on 8/9 @ 9pm ET with Curve’s update on the situation and Fixed Float’s response.
- Bitcoin
- blockchain
- blockchain compliance
- blockchain conference
- coinbase
- coingenius
- Consensus
- crypto conference
- crypto mining
- cryptocurrency
- decentralized
- DeFi
- Digital Assets
- ethereum
- machine learning
- non fungible token
- plato
- plato ai
- Plato Data Intelligence
- Platoblockchain
- PlatoData
- platogaming
- Polygon
- proof of stake
- The Defiant
- W3
- zephyrnet