Curve Finance is one of the latest projects to be hacked, with the Frontend of their website being compromised.
A quote from Curve Finance, "We are becoming aware of a potential front end issue that is approving a bad contract. For now, please do not perform any approvals or swaps".
According to Paradigm researcher samczsun, Curve’s frontend is currently compromised. The researcher warned Curve users not to use the protocol until further notice.
Curve later appeared to confirm the ongoing exploit on Twitter, writing in reply to samczsun, “Don’t use the frontend yet. Investigating!”
On-chain data show that the malicious contract associated with the exploit appears to have siphoned over $573,000 in USDC and DAI from victims. The funds, already transferred to the attacker’s wallet and swapped for ETH tokens, are now being sent to multiple other addresses in batches of 45 ETH.
Curve Finance is a decentralized finance (DeFi) protocol that provides “extremely efficient” stablecoin trading services with low slippage and fees. It is considered a pillar of the DeFi ecosystem, with over $6 billion in total value locked.
Please note this is an ongoing story.