Over $573K USD has been stolen so far thanks to a frontend vulnerability on the website that is yet not fully understood.
A continuing assault of Curve Finance’s website was announced on Twitter on August 9 by the automated market maker. The protocol’s developers reported that the problem, which they believe to be a malicious actor’s attack, was affecting the service’s nameserver and frontend.
Due to the usage of a different DNS provider, Curve’s exchange, a separate product, appears to be untouched by the attack, the company said through Twitter. However, the team continued to advise visitors to use caution when using the website.
LefterisJP, a Twitter user, hypothesized that the suspected attacker probably used DNS spoofing to carry out the attack on the service:
The warning was promptly shared on Twitter by other DeFi industry members, some of whom noted that the alleged theft looks to have totaled more than $573K USD as of publication.
This story is currently under development and will be updated as new information becomes available. Cointelegraph was used as a source for this article.