A recent report by Curve Finance and domain registrar ‘iwantmyname’ states that the $570K exploit suffered by Curve Finance was a result of “DNS cache poisoning, not nameserver compromise.”
The report details that the platform was targeted through a compromise in the hosted DNS infrastructure. The attackers cloned the records in the server to mimic the original servers, a technique known as DNS cache poisoning.
As a result, users are redirected to a page of the attacker’s choice and tricked into thinking it is the original domain, so they use the site as usual.
Curve Finance said that this change occurred on 9th August at around 7 PM (UTC). Access was restored at around 9 PM (UTC).
The platform said that it is working with its external DNS platform vendor to investigate the issue further, while also working on a plan to prevent similar attacks in the future.
In a tweet, Curve Finance said that this attack “STRONGLY suggests to start moving to ENS instead of DNS,” indicating that the Ethereum Name Service (ENS) is safer than DNS.