QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
AUGUST 2022
GLOBAL
CURVE FINANCE
DESCRIPTION OF EVENTS
"Curve is a decentralized, UniSwap-like exchange for stablecoins. By focusing on stablecoins, it’s able to offer traders extremely low slippage, and liquidity providers enjoy little-to-no impermanent loss." "As is the case with many other decentralized finance protocols, Curve wasn’t fully decentralized at launch, run by the Curve team, led by Michael Egorov, the founder of NuCypher with a Ph.D. in Physics."
"Curve supports DAI, USDC, USDT, TUSD, BUSD and sUSD, as well as BTC pairs, and it lets you trade between these pairs extremely quickly and efficiently. When stablecoins or stable assets are involved, Curve’s prices are usually the best in the business."
“The key aspect of Curve is its market-making algorithm, which can provide 100-1000 times higher market depth than Uniswap or Balancer for the same total value locked. This dynamic helps both traders and liquidity providers because fundamental returns for those are higher than on Uniswap and alike by the same factor as the market depth.”
"In this exploit, the hackers modified the IP address translated by the DNS for http://curve.fi. They provided the IP address of their own server and they created an identical web application."
"Unaware users thought they were using @CurveFinance, but they were approving transactions that were stealing their funds."
"The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use http://curve.exchange for now until the propagation for http://curve.fi reverts to normal."
"Updates should have propagated for http://curve.fi everywhere by now, which means it should be safe to use"
"The contract that needs to be revoked is: 0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881 If you have approved it please revoke it immediately on https://revoke.cash"
On August 9th, 2022, some users of Curve Finance were interacting with a malicious server and smart contract, because the DNS records for the Curve Finance website had been changed to point the domain name to a malicious server. The issue was corrected within a couple of hours; however, DNS changes may take up to 48 hours to propagate. It is not clear how much was taken or what happened to the funds.
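The advice quoted above is to revoke any approval given to the contract 0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881. The following is an added example, not code from Curve or from this page's sources, showing how to find allowances still outstanding to that address from ERC-20 `Approval` event logs. It assumes the approvals were standard ERC-20 `approve` calls and that logs have the shape returned by the `eth_getLogs` JSON-RPC method; the sample logs, token and owner addresses are constructed.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MALICIOUS_SPENDER = "0x9eb5f8e83359bb5013f3d8eee60bdce5654e8881"  # address quoted on this page

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender=MALICIOUS_SPENDER):
    """Return {(token, owner): allowance} for non-zero allowances held by spender.

    Logs are replayed in chain order, so a later Approval (including a
    revocation, value 0) overrides an earlier one for the same token and owner.
    """
    spender = spender.lower()
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 Approval has 4 (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

# --- Constructed sample data (placeholder addresses, not real accounts) ---
TOKEN, OTHER = "0x" + "1" * 40, "0x" + "2" * 40
OWNER_A, OWNER_B = "0x" + "a" * 40, "0x" + "b" * 40
MAX, ZERO = "0x" + "f" * 64, "0x" + "0" * 64

def make_log(block, idx, owner, spender, data):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": data}

SAMPLE_LOGS = [
    make_log(105, 0, OWNER_B, MALICIOUS_SPENDER, ZERO),  # B revokes later
    make_log(100, 0, OWNER_A, MALICIOUS_SPENDER, MAX),   # A approves, never revokes
    make_log(100, 1, OWNER_B, MALICIOUS_SPENDER, MAX),   # B approves
    make_log(101, 0, OWNER_A, OTHER, MAX),               # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_approvals(SAMPLE_LOGS).items():
        print(f"revoke: owner={owner} token={token} allowance={amount}")
```

Only owner A is reported for the sample data, because owner B's later zero-value approval cancels the earlier one.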