THE DAILY ENCRYPT

October 3, 2022

Recent Curve Hack was Due to DNS Exploit – Curve to Move Domain to Ethereum Name Sevice

Curve Finance's post-mortem found that "nobody is safe" from frontend attack like Tuesday's one on the DeFi exchange....
Image by The Daily Encrypt

Curve Finance’s post-mortem found that “nobody is safe” from frontend attack like Tuesday’s one on the DeFi exchange. Curve Finance has more information on this week’s $570,000 Frontend Attack.

Recent report with domain registrar company Iwantmyname, which is the host of the decentralized exchange’s domain, showed that Tuesday’s hack resulted from “DNS cache poisoning,” not nameserver compromise.

Curve informed users on August 9 that it was the victim of a frontend attack. The nameserver curve.fi was compromised. This led to $570,000 in Ethereum being stolen from users.

It claimed that the platform had been targeted by a compromise in the hosted DNS service infrastructure. To imitate the original server, hackers cloned records on the server. This is known as DNS cache poisoning.

Related Articles:  McLaren to Use Crypto Related Decals on F1 Car for Singapore Grand Prix

This attack redirects users on a page chosen by the attacker, tricking them into believing it is the original domain.

Curve not only described the attack method but also suggested to “start moving to ENS instead DNS” referring to the crypto-equivalent of DNS, a namesource that translates an IP address into a page for users. This is the Ethereum Name Service.

Curve suggested that ENS be moved to prevent frontend hacks in the future.

Related Articles:  UAE Officials Expand Further into The Metaverse With New Virtual HQ

Curve Finance has not yet responded to Decrypt’s queries on the matter.

The popularity of Etheruem Name Service (or ENS) has grown recently because it can convert the crypto addresses’ long list of numbers and letters into human-readable addresses.

Instead of the clunky crypto address one could use ENS to enter something like “satoshi.eth”. As you can see, the suffix “.eth” is very similar to “.com”, which is a DNS-native.

However, the Ethereum blockchain makes it far more secure and can be resilient to attacks such as those that Curve suffered on Tuesday.

Vitalik Ivanov

Vitalik Ivanov

Vitalik is a speaker / journalist. He has spoken and given presentations at many blockchain events across the world. Vitalik is based in the UK, he loves to travel and calls Dubai his "crypto home". Vitalik has enjoyed speaking at blockchain events and has a main focus on CBDC's, NFT's and altcoins. Vitalik says "Everything, and i mean everything will be an NFT one day".
Vitalik Ivanov

Vitalik Ivanov

Vitalik is a speaker / journalist. He has spoken and given presentations at many blockchain events across the world. Vitalik is based in the UK, he loves to travel and calls Dubai his "crypto home". Vitalik has enjoyed speaking at blockchain events and has a main focus on CBDC's, NFT's and altcoins. Vitalik says "Everything, and i mean everything will be an NFT one day".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Latest News
PRESS RELEASES