GSD-2022-1004953
- Import Source
- https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1004xxx/GSD-2022-1004953.json
- Withdrawn
- 2023-03-14T07:01:09.294850Z
- Published
- 2022-08-09T23:36:36.438030Z
- Modified
- 2023-03-14T07:01:09.294850Z
- Details
-
The curve.finance web site was DNS hijacked on 2022-08-09 and a new smart contract that drains victims wallets if accepted is being served. Previously the DNS was registered through GoDaddy. The attack was partially mitigated through a white hat hacker that executed a SYN flooding attack against the new IP addresses serving the malicious smart contract, limiting the ability for victims to connect and be attacked.
- References
-
- https://twitter.com/cz_binance/status/1557117356652085250?s=21&t=RwuQ1UCFfIjjDt_-TbO6gA
- https://www.coindesk.com/business/2022/08/09/defi-protocol-curvefinance-hacked-570k-stolen/
- https://cryptoslate.com/curve-finance-front-end-ui-compromised-in-dns-hack-users-advised-not-to-interact/
- https://cryptobriefing.com/curve-finance-exploited-in-ongoing-attack/
- https://news.yahoo.com/defi-protocol-curve-finance-hacked-213952549.html
- https://twitter.com/WatcherGuru/status/1557104364690489346
- https://news.slashdot.org/story/22/08/09/2144238/curve-finance-front-end-ui-compromised-in-dns-hack
- https://twitter.com/szferguson/status/1557125514065846274
- https://twitter.com/CurveFinance/status/1557115032646959105