Convex Finance released two URLs after the spoofing exploits and said that the investigation of the DNS hijack is still underway so let’s read more today in our latest cryptocurrency news.
The Domain Name Server of the Staking platform Convex Finance was targeted in the latest spoofing exploit. The angel investor Alexintosh flagged Convex finance was asking for user approval to the unverified smart contract address and this suggested that the malicious entity may have sneaked into Convex Finance’s website to carry out a DNS spoofing attack.
After the incident, Convex finance released two URLs and confirmed the hijack of the DNS that led users to approve malicious contracts for interactions on the website. Convex announced setting up two altearntive domain names and asked users to use these URLs and interact with the site while they continue their investigation. The platform marked five wallets affected by the exploit and the team revealed that the funds on verified accounts were not affected.
ADVERTISEMENT
The exploiter sent the funds to a Convex Phiser Deposits wallet that shows a small amount of crypto from the users before moving to the coin mixer Tornado Cash and hiding the tracks. Convex Finance said that it will publish the detailed report soon but the crypto tracking platform MistTrack, revealed that Ribbon Finance suffered a DNS hijacking attack as well wherein a victim lost 16.5 WBTC and it turned out to be the same attacker as Convex.
As recently reported, The Convex Finance cVX token crashed just recently after a bug forced a token to unlock on the platform and dragged the prices down. The smart contract bug forced a team to unlock a huge portion of the token and its circulating supply which sent shockwaves on the markets. The Convex Finance team wrote that it deployed the contracts that were responsible for the vote-locking governance mechanism after the discovery of the bug that will grant users some disproportionate rewards.
There were no instances of the bug being used before the deployment of the new vICVC contract but since these contracts are immutable, the new contract had to be deployed. The new contract has implemented a fix for the potential bug going ahead and the team even wrote it in a blog post making it the latest example of the experimental nature of DEFI and the $200 billion industry where supply shocks and smart contract bugs are often the usual.
ADVERTISEMENT
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
