Ethereum Proof-of-work Fork Proposal is “a Retail Trap,” Researchers Say
InterServer Web Hosting and VPS


  • Compared to protocol exploits, the losses suffered as a result of the DNS hijack are relatively small
  • Both operational security and technical security of DeFi dapps is expected to improve

Binance managed to freeze or recover a majority of the funds that hackers stole from DeFi protocol Curve Finance this week, the exchange’s CEO Changpeng Zhao said on Friday.

Zhao said in a tweet that the exchange is working with law enforcement authorities to return funds to users. Curve retweeted Zhao’s post, an apparent confirmation of the development.

InterServer Web Hosting and VPS

Curve — the fourth largest DeFi (decentralized finance) protocol with about $6 billion in total value locked (TVL) — was struck by a security incident on Aug. 9, leading it to warn users against using its website. About $570,000 worth of tokens were believed to be stolen in the hack.

Unlike protocol exploits, the culprits took advantage of shortcomings in the security of online service providers — in this case, Curve’s domain name system (DNS). A DNS maps readable website names to IP addresses.

Marcus Sotiriou, analyst at GlobalBlock, said the hackers modified the IP address translated by the DNS for the curve.fi website. They provided the IP address of their own server and created an identical web application, he said in a note, allowing them to create new smart contracts to steal money. Users were approving transactions that were actually stealing their funds.

In the past two years, such attacks have become prevalent in the crypto industry as thieves search for ways to part crypto users from their funds.

Last month, infrastructure provider Ankr was hit with a social engineering-instigated DNS attack.

“This is an example of how important it is for users within DeFi to be fully educated on the protocols they use,” Sotiriou said.

People could have protected themselves if they checked all the smart contracts they interact with,” he said.

But this is beyond the technical know-how of a vast majority of DeFi users, according to Teddy Woodward, co-founder of Notional Finance.

“The average retail user is not going to review the smart contracts they interact with [but] I think it is reasonable for larger or more professional users like businesses and funds to make an effort there, and many do,” Woodward told Blockworks, adding that over time, the safety of DeFi protocols has been consistently trending upward.

Each exploit hardens dapps and makes them safer for the average user.

“I think about it like plane travel,” Woodward said. “That used to be extremely dangerous, now it’s safer than driving a car.”


Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.


  • Macauley was an editor and content creator in the professional chess world for 14 years, prior to joining Blockworks. At Bucerius Law School (Master in Law and Business, 2020) he researched stablecoins, decentralized finance and central bank digital currencies. He also holds an MA in Film Studies; film credits include Associate Producer of the 2016 Netflix feature documentary, “Magnus” about World Chess Champion Magnus Carlsen. He is based in Germany.

    Contact Macauley via email at [email protected] or on Twitter @yeluacaM

  • Blockworks

    Reporter

    Shalini is a crypto reporter from Bangalore, India who covers developments in the market, regulation, market structure, and advice from institutional experts. Prior to Blockworks, she worked as a markets reporter at Insider and a correspondent at Reuters News. She holds some bitcoin and ether. Reach her at [email protected]





Source link