In brief
- Curve Finance suffered a DNS attack when hackers gained control of their domain without notification, redirecting users to malicious sites despite strong security measures.
- CertiK's May report shows code vulnerabilities caused over $229 million in losses, representing the majority of crypto exploits including a $225 million Cetus Protocol attack.
- Crypto requires elevated security standards compared to traditional finance because blockchain transactions are irreversible by design, making attacks immediately final.
Curve Finance founder Michael Egorov told Decrypt that "for-hire" hackers are coordinating cross-platform attacks, making it increasingly difficult to secure DeFi projects.
One example is the DNS attack on Curve Finance last month. The decentralized finance protocol's front-end website was compromised, allowing attackers to redirect users to a malicious site.
"Different hackers could coordinate efforts across platforms, compromising them at the same time for greater impact and profit," Egorov told Decrypt in a post-mortem interview.
Egorov detailed how the recent attack on Curve succeeded despite his team's use of strong passwords and two-factor authentication. This happened when their registrar "transferred ownership of [Curve's domain] to someone else without any email notification" to Curve's management, Egorov explained.

Still, threat actors could engage in "calculated behavior" that has become increasingly common.
Some "may even take bribes to target specific projects, if someone is willing to pay," Egorov claimed, adding that hackers could "coordinate efforts across platforms, compromising them at the same time for greater impact and profit."
Comparing crypto security to legacy infrastructure, such as traditional banking, Egorov noted that methods like SMS-based two-factor authentication are "fundamentally unsafe and should be avoided."
But for the crypto sector, the stakes may be drastically different, "because all transactions become final almost instantly," the Curve founder said. Once an attack begins, it is "irreversible by design," he noted.
"The bar for security standards is much higher [...] and today's internet infrastructure just isn’t built to meet these demands."
An 'interesting anomaly'
Egorov's warning comes as blockchain security firm CertiK's May security report revealed that code vulnerabilities are the most common type of attack in the crypto space.
This was an "interesting anomaly," Natalie Newson, senior blockchain security researcher at CertiK, wrote in a report shared with Decrypt, noting that code vulnerabilities "represented a majority of exploited funds," causing over $229 million in losses.

For context, the figure includes damage done to the Cetus Protocol late in the month, amounting to roughly $225 million, representing the largest single attack for May.
In the crypto sector at large, hackers siphoned roughly $302 million in nine major breaches in May, down by about 16% from April's $364 million total, CertiK's report shows.
Attackers exploited vulnerabilities in Cetus Protocol's smart contracts using spoof tokens to manipulate prices and drain liquidity. The exploit was classified as an "oracle manipulation attack," blockchain security firm Cyvers told Decrypt at the time.
Edited by Stacy Elliott.