The stablecoin trading service is currently facing an exploit and advises users not to interact with the interface until further notice. The DeFi protocol Curve is currently being exploited through its front end. The attacker has already grabbed almost $573,000 in cash.
According to Paradigm researcher samczsun, Curve’s front end is currently hacked. Users have been advised not to use the protocol till further notice.
According to on-chain statistics, the malicious contract associated with the attack appears to have stolen more than $573,00 in USDC and DAI from eight distinct victims. After being sent to the attacker’s wallet and exchanged for ETH tokens, the funds were forwarded to various additional addresses, first in batches of 45 ETH, then in amounts ranging from 20 to 22 ETH.
At the time of publication, the attacker had also begun sending tokens via the cryptocurrency mixer Tornado Cash, which had been approved by the US Treasury Department the day before.
The Curve team speculated that the attacker cloned the Curve site, directed the Domain Name System (DNS) to the false site, and then added approval requests to the malicious contract. It also stated that, in contrast to curve.fi, curve- the exchange seemed to be unaffected.
Curve Finance is a DeFi system that offers “very efficient” stablecoin trading services with low slippage and costs. With approximately $6 billion in total value locked in, it is regarded as a keystone of the DeFi ecosystem.