BREAKING: Curve Finance team advises users not to use its website until further notice following front end compromise

Over $573K USD has been stolen so far thanks to a frontend vulnerability on the website that is yet not fully understood.

A continuing assault of Curve Finance’s website was announced on Twitter on August 9 by the automated market maker. The protocol’s developers reported that the problem, which they believe to be a malicious actor’s attack, was affecting the service’s nameserver and frontend. 

Don't use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem

— Curve Finance (@CurveFinance) August 9, 2022

Due to the usage of a different DNS provider, Curve’s exchange, a separate product, appears to be untouched by the attack, the company said through Twitter. However, the team continued to advise visitors to use caution when using the website.

Although you need to proceed with caution, but https://t.co/6ZFhcToWoJ seems to be unaffected – uses a different DNS provider

— Curve Finance (@CurveFinance) August 9, 2022

LefterisJP, a Twitter user, hypothesized that the suspected attacker probably used DNS spoofing to carry out the attack on the service:

It's DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.

— Lefteris Karapetsas | Hiring for @rotkiapp (@LefterisJP) August 9, 2022

The warning was promptly shared on Twitter by other DeFi industry members, some of whom noted that the alleged theft looks to have totaled more than $573K USD as of publication. 

Alert to all @CurveFinance users, their frontend has been compromised!

Do not interact with it until further notice!

It appears around $570k stolen so far 🙄#defi #crypto $crv

— Assure DeFi (@AssureDefi) August 9, 2022

This story is currently under development and will be updated as new information becomes available. Cointelegraph was used as a source for this article.