Shortly after that announcement, the protocol’s operators said via Telegram that they found the source of the problem and fixed it. “If you have approved any contracts on Curve in the past few hours, please revoke immediately,” they said. The protocol also advised users to use curve.exchange until the propagation of curve.fi reverts to normal.
Curve.Finance is an integral part of the DeFi ecosystem due to its CRV token rewards emissions, which serve as a source of income for several other protocols.
The suspected hacker appears to have changed the domain name system (DNS) entry for the protocol, forwarding users to a fake clone and approving a malicious contract. The program’s contract remained uncompromised, however.
“We are becoming aware of a potential front end issue that is approving a bad contract,” the Telegram announcement read. “For now, please do not perform any approvals or swaps. We’re trying to locate the issue, but for now, for your safety, do not use curve.fi or curve.exchange.”
This story originally appeared on Coindesk