How to check if you’re safe on Curve Finance after the recent DNS exploit
More than $530,000 was stolen from Curve Finance on Tuesday after hackers were able to control nameservers to reroute DNS to malicious servers. The Curve website front his end was duplicated to trick users into believing they were interacting with a legitimate site.
On the surface, the SSL certificate, domain name, and website content were identical to the actual version of the site, giving users little chance of identifying the exploit. The correct IPs for Curve’s servers have been released and instructions on how to verify this can be found at the end of this article.
Don’t use the front end yet. investigating! https://t.co/8kmtpGsLQQ
— Curve Finance (@CurveFinance) August 9, 2022
Within an hour, Curve updated its Twitter account to identify a malicious contract to attack. Canceled From wallets of all users. The update followed a statement confirming that the platform had “discovered and reverted” the issue.
A problem was found and reverted. If you’ve approved a contract in Curve in the last few hours, revoke it immediately.please use it https://t.co/6ZFhcToWoJ So far up to propagation https://t.co/vOeMYOTq0l return to normal
— Curve Finance (@CurveFinance) August 9, 2022
As of 7pm GMT on August 10th, Curve is advising users to take additional precautions when interacting with dApps. This issue has been resolved, but not all DNS records are updated worldwide at this time. Users who understand how to validate their IP can safely use the platform. In the meantime, others should use curve.exchange.
I’ll tweet when I’m sure all DNS records for all NS servers in the world are fully up-to-date. https://t.co/vOeMYOTq0l The address is definitely safe to use https://t.co/kfODENPHFS
— Curve Finance (@CurveFinance) August 10, 2022
Tether CTO Paolo Ardoino said of Wednesday afternoon’s hack:
“This attack once again shows that hacker ingenuity poses an ever-present danger to our industry…We commend Curve for its ability to identify the source of a hack and act quickly. is exactly how the protocol reacts when customer funds are at risk.”
How to check if Curve.fi resolves to the correct server
If you prefer to use Curve Finance, you can use the following method to see how IP addresses are resolved in your location.
Windows
- Press “Windows + R”
- [ファイル名を指定して実行]In the dialog box, type “cmd” and press Enter.
- A window will open and type “ping curve.fi”
- The result should return the IP address “76.76.21.21”
- If so, your current internet connection is resolving to the correct server for your domain
Mac
- Press “Cmd + Space”
- Type “Terminal” to open the “Terminal” app
- A window will open and type “ping curve.fi”
- The result should return the IP address “76.76.21.21”
- If so, your current internet connection is resolving to the correct server for your domain
However, we recommend using extreme caution and using curve.exchange until the Curve team releases further updates to ensure all DNS records have propagated.