A recent report conducted with domain registrar company iwantmyname, the domain host for the decentralized exchange, indicated that Tuesday’s hack was a result of “DNS cache poisoning, not nameserver compromise.”
On August 9, Curve notified users that it had suffered a frontend attack where the nameserver, curve.fi, was compromised, leading to $570,000 of Ethereum (ETH) being stolen from users.
It reported that the platform was targeted through a compromise in the hosted domain name service infrastructure. Hackers cloned the records in the server to mimic the original server, known as DNS cache poisoning.
This attack redirects users to a page of the attacker’s choosing, tricking people into thinking it is the original domain and using the site as usual.
Beyond outlining the attack method, Curve also said that “What has happened strongly suggests to start moving to ENS instead of DNS,” referring to the crypto equivalent of DNS—a namesource that translates the IP address into the page for users—called the Ethereum Name Service.
We have a brief report from @iwantmyname about what has happened. In brief: DNS cache poisoning, not nameserver compromise.https://t.co/PI1zR96M1Z
No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS
Moving to ENS, as Curve suggested, will reportedly prevent such frontend hacks from happening in the future.
AD
AD
Curve Finance has yet to respond to Decrypt’s inquiries on the matter.
What is Ethereum Name Service?
Etheruem Name Service, or ENS, has been made popular of late thanks to its ability to turn the long string of letters and numbers that is crypto addresses into human-readable addresses.
Instead of that clunky crypto address, one could instead into something like “satoshi.eth” using ENS. And as you can imagine, that “.eth” suffix looks similar to the DNS-native “.com.”
But insofar as the service exists on the Ethereum blockchain, it’s far more secure and potentially resilient to attacks like those suffered by Curve on Tuesday.
Stay on top of crypto news, get daily updates in your inbox.
Formula 1 has renewed its partnership with exchange platform Crypto.com, extending the agreement through 2030 as both entities seek to capitalize on their shared momentum.
The renewed partnership will see Crypto.com continue to feature prominently at key Formula 1 events, including the Miami Grand Prix, where it has been the title sponsor since the race’s inception in 2022.
The deal, first inked in 2021, marked Formula 1’s foray into the crypto world at a time when digital assets were experienc...
Mo Shaikh, a co-creator of the Aptos blockchain and co-founder and CEO of the Aptos Labs firm that helps support it, announced Thursday that he's leaving the company to focus on a "new chapter."
"Today, I am stepping away from Aptos Labs to start a new chapter," Shaikh wrote on X. "One of my true passions lies in building companies from the ground up, and we have done that at Aptos Labs by building a world-class team."
"I leave Aptos Labs with the utmost confidence in the team," he continued, "a...
Building on the momentum of anticipated changes to U.S. crypto policy, Binance.US said it aims to restore its USD services in early 2025, according to a statement shared with Decrypt.
It marks the exchange's first major operational shift as regulatory pressure forced the exchange to suspend fiat trading last year.
The platform has operated under restricted banking access since June 2023, when SEC civil claims triggered a suspension of dollar deposits and withdrawals.
"While I can't provide a de...
