Was Convex Finance targeted in the latest spoofing exploit
Amid the broader market downturn, 24 June was a rather unforgettable day for the crypto community. After the Harmony Bridge was attacked for $100 million Convex Finance urged its users to be diligent in checking the addresses for contract approvals. Reportedly, the website of Convex Finance was hijacked earlier on 24 June.
“Need a hand here”
Curve’s Convex Finance is a DeFi protocol built to reward liquidity providers. It also provides additional yields to those who stake Curve Finance’s native token, CRV. The protocol suffered a DNS (Domain Name System) hijacking.
It was targeted in the latest spoofing exploit. The hijacking prompted users to accept and approve malicious contracts for some interactions on the site. In fact, the attack was confirmed by the Convex team via the following tweet,
Investigation is still ongoing, but a quick update for the community:
– DNS for https://t.co/5rSUjMgY4u was hijacked, prompting users to approve malicious contracts for some interactions on the site.
– Funds on verified contracts are unaffected.
— Convex Finance (@ConvexFinance) June 23, 2022
The Convex team confirmed the five addresses that approved these “malicious contracts.” They asked the owners of the following addresses to report via Twitter or Discord channels at the earliest. The accounts listed in the tweet were,
While the investigation is still going on, no funds are affected yet on the verified contracts. In the wake of this alarming issue, the Convex team then created an alternate domain as a precautionary measure for users. Until the post-mortem of the attack, the sites mentioned below are being suggested for safe passage into the protocol.
Not the first one
The attack on Convex Finance comes on a day when $100 million in ETH was stolen from the Harmony Bridge hack. It is the latest cross-chain bridge to suffer a security breach. This comes after Axie Infinity’s Ronin Bridge suffered a $600 million hack earlier in March.