Curve Finance Scrambles to Repel Exploit

Curve Finance, DeFi’s second-largest decentralized exchange with $6B in total value locked, has been hit by a frontend exploit.

As of 5:30pm ET on Tuesday, the issue has been resolved, according to the Curve team.

The Fixed Float exchange says it has frozen 112 ETH ($190,000) of the stolen funds.

Name Server Exploit

The protocol had earlier asked users not to interact with its website while the team investigated.

The exploit was flagged by Paradigm security researcher samczsun. The fake website directs users to approve a malicious contract, which is then able to drain assets from users’ wallets.

Blockchain sleuth zachxbt noted that around $570,000 worth of assets had been stolen as of 4:30pm ET, and that the pilfered funds are being sent to Fixed Float, a crypto exchange that uses Bitcoin’s Lightning network, according to its website.

UPDATED on 8/9 @ 9pm ET with Curve’s update on the situation and Fixed Float’s response.