Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » News » Curve Finance Exploited in Ongoing Attack

Curve Finance Exploited in Ongoing Attack

by

The stablecoin trading service is experiencing an ongoing exploit and warns users from engaging with the frontend until further notice.

Curve Finance Exploited in Ongoing Attack
Shutterstock cover by REDPIXEL.PL

Key Takeaways

  • Curve Finance is suffering from an ongoing exploit.
  • A malicious contract has so far siphoned more than $573,000 from victims.
  • The Curve team has warned users against interacting with the frontend until further notice. 

Share this article

DeFi protocol Curve is currently being exploited through its frontend. Over $573,000 has already been taken by the attacker.

Curve Frontend Exploited

Curve Finance is being exploited.

According to Paradigm researcher samczsun, Curve’s frontend is currently compromised. The researcher warned Curve users not to use the protocol until further notice. 

Curve later appeared to confirm the ongoing exploit on Twitter, writing in reply to samczsun, “Don’t use the frontend yet. Investigating!”

On-chain data show that the malicious contract associated with the exploit appears to have siphoned over $573,000 in USDC and DAI from eight different victims so far. The funds, already transferred to the attacker’s wallet and swapped for ETH tokens, were sent to crypto exchange FixedFloat, first in batches of 45 ETH, then in amounts ranging from 20 to 22 ETH.

At press time the attacker had also started sending tokens through cryptocurrency mixer Tornado Cash, which was sanctioned by the U.S. Treasury Department yesterday.

The Curve team hinted the attacker possibly cloned the Curve site, made the Domain Name System (DNS) direct towards the fraudulent site and then added approval requests to the malicious contract. It furthermore clarified that curve.exchange, contrary to curve.fi, seems to have been unaffected.

Curve Finance is a decentralized finance (DeFi) protocol that provides “extremely efficient” stablecoin trading services with low slippage and fees. It is considered a pillar of the DeFi ecosystem, with over $6 billion in total value locked. 

Update: the Curve team posted on Twitter at 08:27 UTC that the exploit had been patched, and urged Curve users to revoke Curve contracts they may have approved in the last few hours.

Update 2: FixedFloat announced that it has frozen funds amounting to 112 ETH (roughly $191,000) in connection to the exploit.

This is a developing story.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.