Update: Curve has announced the issue has been fixed and says it is safe to use again.
Problema rasta ir grąžinta. Jei per pastarąsias kelias valandas patvirtinote kokias nors sutartis „Curve“, nedelsdami atšaukite. Prašome naudoti https://t.co/6ZFhcToWoJ kol kas iki platinimo už https://t.co/vOeMYOTq0l grįžta į normalią
- „Curve Finance“ (@CurveFinance) Rugpjūtis 9, 2022
Samczsun, a researcher at Paradigm, is reporting that the Curve Finance front end has been compromised, with over $500k pavogtas per kelias minutes.
@CurveFinance frontend yra pažeista, nenaudokite jos iki kito pranešimo!
- samczsun (@samczsun) Rugpjūtis 9, 2022
The official Curve Finance Twitter has confirmed the news stating:
Don't use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ
- „Curve Finance“ (@CurveFinance) Rugpjūtis 9, 2022
The founder of Rotkiapp, Lefteris Karapetsas, theorized that “It’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.” Curve retweeted the theory in apparent support before following up with a further announcement;
Nenaudoti https://t.co/vOeMYOTq0l svetainė – vardų serveris pažeistas. Tyrimas vyksta: greičiausiai pati NS turi problemų
- „Curve Finance“ (@CurveFinance) Rugpjūtis 9, 2022
Pranešimas „Curve Finance“ priekinės dalies vartotojo sąsaja pažeista dėl DNS įsilaužimo – vartotojams patarta nebendrauti pirmiausia pasirodė „CryptoSlate“.
Source: https://cryptoslate.com/curve-finance-front-end-ui-compromised-in-dns-hack-users-advised-not-to-interact/