Another day, another crypto hack. Crime in the space has been heating up at breakneck speeds, and there’s no sign of things slowing down. Victims continue to stack up, and they’re only getting bigger in scope. Another addition to the list is Curve Finance (CRV-USD), one of the largest DeFi protocols in the world.
$2 billion in crypto assets were stolen from investors between January and June of 2022 through hacks. This figure doesn’t account for all types of crypto theft — only assets seized through code exploits and tech savviness. Already, this figure is higher than the amount stolen through hacks in the entirety of 2021.
And the first months of H2 are boosting those numbers even higher. Crypto project Nomad was hacked just last week for $190 million. Even the Solana (SOL-USD) network, one of the world’s leading layer-1 dapp networks, was victim to an attack. A criminal was able to exploit thousands of wallets on the platform, seizing more than $5 million in assets.
These hacks exemplify a glaring issue washing over the crypto industry: investors need more security from developers. Protecting assets isn’t a top priority right now when it obviously should be. And while developers continue to sit on their hands, hackers are becoming more savvy and more bold. That much is clear as they take on bigger projects than ever before. Solana, for example, is a massive network. It holds $2 billion in value locked on-chain — the fifth-most of any dapp network. Today, these criminals have targeted an even fatter purse as they hack Curve Finance.
Curve Finance Targeted in Newest DeFi Hack
Crypto hacks tend to favor targeting crypto bridges, as was the case with the $650 million Ronin (RON-USD) hack. They also popularly target wallets, as is the case with the Solana hack. The attack on Curve Finance is different, though, with criminals directly targeting a DeFi dapp and brute-forcing assets from within.
Curve Finance is an Ethereum (ETH-USD) dapp, and one of the largest DeFi projects on the market. Using Curve, users can swap stablecoins for “wrapped” cryptocurrencies. These wrapped cryptos are a workaround for investors to use any crypto on any blockchain, regardless of compatability. It’s a wildly popular service and one that links Curve with a multitude of other dapps.
Late Tuesday afternoon, investors were tipped off that the Curve frontend was compromised, with developers demanding users refrain from using the dapp. Hackers took a unique approach with the Curve hack: they made the Curve site redirect to a fraudulent domain which simply posed as Curve. Unwitting users proceeded to conduct transactions as normal, but they didn’t realize they were sending their crypto directly to the hacker’s wallet.
This criminal has collected over $570,000 in Ethereum before developers were able to fix the issue an hour later. Luckily, they have successfully frozen about $191,000 worth of these assets.
While not the most damaging hack of the month — $570,000 pales in comparison to the $190 million stolen from Nomad — the news is of concern to the entire industry. Hackers continue to move up and target larger platforms, both in terms of the size of userbase and the amount of funds at risk. Curve holds nearly $5 billion in total value locked (TVL) on-chain; this is twice as great as even Solana’s TVL. So, it’s obvious that more and more users are at risk thanks to the rising prevalence of hacks across the market.
On the date of publication, Brenden Rearick did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.