Curve Finance, a decentralized exchange (DEX) for stablecoins, has announced that it will reimburse the users who lost their funds in a recent hack. The hack occurred on July 30, when the protocol’s domain name system (DNS) was hijacked by an unknown attacker, who redirected users to a fake website that asked them to approve token transfers to a malicious contract.
According to the Curve Finance team, the attacker managed to steal around $570,000 worth of cryptocurrency from seven users who fell for the scam. The team said that they have identified the affected users and will contact them soon to arrange the compensation. They also advised users to always check the contract address before approving any transactions and to use hardware wallets for extra security.
The team also said that they have restored the DNS records and secured the website from further attacks. They apologized for the inconvenience and thanked the community for their support and patience. They also praised the ethical hacker who retrieved some of the stolen funds and returned them to the protocol.
The Curve Finance hack is one of the latest incidents in a series of attacks on decentralized finance (DeFi) protocols, which have exposed the vulnerabilities and risks of the emerging sector. According to a report by De.Fi, a Web3 portfolio app, DeFi hacks and scams accounted for over $204 million in losses in just the second quarter of 2023. The report also noted that most of the attacks were due to human errors or negligence rather than technical flaws.
As DeFi continues to grow and attract more users and capital, it also faces more challenges and threats from hackers and scammers who seek to exploit its weaknesses and loopholes. Therefore, it is important for DeFi protocols and users to adopt best practices and standards to ensure the security and safety of their funds and data.