Curve Finance’s post-mortem found that “nobody is safe” from frontend attack like Tuesday’s one on the DeFi exchange. Curve Finance has more information on this week’s $570,000 Frontend Attack.
Recent report with domain registrar company Iwantmyname, which is the host of the decentralized exchange’s domain, showed that Tuesday’s hack resulted from “DNS cache poisoning,” not nameserver compromise.
Curve informed users on August 9 that it was the victim of a frontend attack. The nameserver curve.fi was compromised. This led to $570,000 in Ethereum being stolen from users.
It claimed that the platform had been targeted by a compromise in the hosted DNS service infrastructure. To imitate the original server, hackers cloned records on the server. This is known as DNS cache poisoning.
This attack redirects users on a page chosen by the attacker, tricking them into believing it is the original domain.
Curve not only described the attack method but also suggested to “start moving to ENS instead DNS” referring to the crypto-equivalent of DNS, a namesource that translates an IP address into a page for users. This is the Ethereum Name Service.
Curve suggested that ENS be moved to prevent frontend hacks in the future.
Curve Finance has not yet responded to Decrypt’s queries on the matter.
The popularity of Etheruem Name Service (or ENS) has grown recently because it can convert the crypto addresses’ long list of numbers and letters into human-readable addresses.
Instead of the clunky crypto address one could use ENS to enter something like “satoshi.eth”. As you can see, the suffix “.eth” is very similar to “.com”, which is a DNS-native.
However, the Ethereum blockchain makes it far more secure and can be resilient to attacks such as those that Curve suffered on Tuesday.