Decentralized finance protocols continue being targeted by online hackers, with Curve Finance becoming the most recent platform to become compromised after your own domain name system (DNS) hijacking incident.
The automated market maker cautioned users to not make use of the front finish of their website on Tuesday following the incident was flagged online by a few people from the wider cryptocurrency community.
As the exact attack mechanism continues to be under analysis, the consensus is the fact that attackers were able to clone the bend Finance website and rerouted the DNS server towards the fake page. Users who attempted to utilize the woking platform then had their drained to some pool run by the attackers.
Curve Finance were able to rectify the problem in due time, but attackers still were able to siphon that which was initially believed to become $537,000 price of USD Gold coin (USDC) within the time that it required to revert the hijacked domain. The woking platform believes its DNS server provider Iwantmyname was hacked, which permitted the following occasions to unfold.
Cointelegraph arrived at to blockchain analytics firm Elliptic to dissect how attackers were able to dupe unsuspecting Curve users. They confirmed that the hacker had compromised Curve’s DNS, which brought to malicious transactions being signed.
Related: Mix chains, beware: deBridge flags attempted phishing attack, suspects Lazarus Group
Elliptic estimates that 605,000 USDC and 6,500 Dai was stolen before Curve found and reverted the vulnerability. Utilizing its blockchain analytics tools, Elliptic then tracked the stolen funds to a variety of exchanges, wallets and mixers.
The stolen funds were immediately transformed into Ether (ETH) to prevent a possible USDC freeze, amounting to 363 ETH worth $615,000.
Interestingly, 27.7 ETH was laundered with the now U . s . States Office of Foreign Assets Control-sanctioned Tornado Cash. 292 ETH was delivered to the FixedFloat exchange and gold coin swap service, as the platform were able to freeze 112 ETH.
Elliptic has become monitoring these flagged addresses additionally towards the original Ethereum-based addresses. An additional 23 ETH was gone to live in a mystery exchange hot wallet.
Elliptic also cautioned the broader ecosystem of further occurrences such as this after identifying an inventory on the darknet forum claiming to market “fake landing pages” for online hackers of compromised websites.
It’s unclear whether this listing, that was discovered only a previous day the bend Finance DNS hijacking incident, was proportional, but Elliptic noted it highlights the methodologies utilized in these kinds of hacks.