The source of the hack has been “found and reverted,” according to the protocol.
Hackers plundered approximately $570,000 from decentralized finance (DeFi) protocol Curve.Finance, according to a screenshot of the protocol’s wallet shared on Twitter late Tuesday.
Shortly after that announcement, the protocol’s operators said via Telegram that they found the source of the problem and fixed it. “If you have approved any contracts on Curve in the past few hours, please revoke immediately,” they said. The protocol also advised users to use curve.exchange until the propagation of curve.fi reverts to normal.
Curve.Finance is an integral part of the DeFi ecosystem due to its CRV token rewards emissions, which serve as a source of income for several other protocols.
The suspected hacker appears to have changed the domain name system (DNS) entry for the protocol, forwarding users to a fake clone and approving a malicious contract. The program’s contract remained uncompromised, however.
In response to the hack, the protocol advised users in a Telegram message to refrain from using curve.fi or curve.exchange until the protocol’s operators locate the source of the exploit.
“We are becoming aware of a potential front end issue that is approving a bad contract,” the Telegram announcement read. “For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use curve.fi or curve.exchange.”