In brief
- Curve Finance suffered a DNS attack when hackers gained control of their domain without notification, redirecting users to malicious sites despite strong security measures.
- CertiK’s May report shows code vulnerabilities caused over $229 million in losses, representing the majority of crypto exploits including a $225 million Cetus Protocol attack.
- Crypto requires elevated security standards compared to traditional finance because blockchain transactions are irreversible by design, making attacks immediately final.
Curve Finance founder Michael Egorov told Decrypt that “for-hire” hackers are coordinating cross-platform attacks, making it increasingly difficult to secure DeFi projects.
One example is the DNS attack on Curve Finance last month. The decentralized finance protocol’s front-end website was compromised, allowing attackers to redirect users to a malicious site.
“Different hackers could coordinate efforts across platforms, compromising them at the same time for greater impact and profit,” Egorov told Decrypt in a post-mortem interview.
Egorov detailed how the recent attack on Curve succeeded despite his team’s use of strong passwords and two-factor authentication. This happened when their registrar “transferred ownership of [Curve’s domain] to someone else without any email notification” to Curve’s management, Egorov explained.
Still, threat actors could engage in “calculated behavior” that has become increasingly common.
Some “may even take bribes to target specific projects, if someone is willing to pay,” Egorov claimed, adding that hackers could “coordinate efforts across platforms, compromising them at the same time for greater impact and profit.”
Comparing crypto security to legacy infrastructure, such as traditional banking, Egorov noted that methods like SMS-based two-factor authentication are “fundamentally unsafe and should be avoided.”
But for the crypto sector, the stakes may be drastically different, “because all transactions become final almost instantly,” the Curve founder said. Once an attack begins, it is “irreversible by design,” he noted.
“The bar for security standards is much higher […] and today’s internet infrastructure just isn’t built to meet these demands.”
An ‘interesting anomaly’
Egorov’s warning comes as blockchain security firm CertiK’s May security report revealed that code vulnerabilities are the most common type of attack in the crypto space
This was an “interesting anomaly,” Natalie Newson, senior blockchain security researcher at CertiK, wrote in a report shared with Decrypt, noting that code vulnerabilities “represented a majority of exploited funds,” causing over $229 million in losses.
For context, the figure includes damage done to the Cetus Protocol late in the month, amounting to roughly $225 million, representing the largest single attack for May.
In the crypto sector at large, hackers siphoned roughly $302 million in nine major breaches in May, down by about 16% from April’s $364 million total, CertiK’s report shows.
Attackers exploited vulnerabilities in Cetus Protocol’s smart contracts using spoof tokens to manipulate prices and drain liquidity. The exploit was classified as an “oracle manipulation attack, “blockchain security firm Cyvers told Decrypt at the time.
Edited by Stacy Elliott.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
