Curve DAO (CRV) Faces DNS Attack; Cryptocurrency Dragged into Chaos
In a developing story within the cryptocurrency landscape, Curve Finance has been targeted by a sophisticated DNS attack, leading to a significant drop in the value of its governance token, CRV. As the situation unfolds, the implications could impact market confidence and user trust in decentralized finance.
Details of the Attack
An attacker exploited a vulnerability in the decentralized exchange GMX, siphoning off approximately $40 million in various cryptocurrencies. Following the breach, the assailant began returning some of the stolen assets after accepting a bounty offered by GMX.
Security firm PeckShield revealed that the hacker acknowledged the bounty, expressing a willingness to cooperate. “Ok, the funds will be returned later,” the attacker stated in a transaction on the blockchain, indicating a partial return of the stolen assets was forthcoming.
Funds Being Returned
Less than an hour after the initial message, the hacker commenced the transfer of funds to an address specified by GMX. Reports from PeckShield indicate that around $9 million in Ether (ETH) was sent back to the team. This transaction was recorded on blockchain tracking platforms under the label of GMX Exploiter 2.
The attacker has also returned a total of $10.5 million in stablecoins, with separate transactions of $5.5 million and an additional $5 million. As of the latest reports, GMX has recovered approximately $20 million — about half of the total assets stolen during the incident.
The initial hack occurred on a liquidity pool on GMX v1, targeting the trading protocol deployed on the Arbitrum Layer 2 network. The attacker allegedly manipulated the price of GLP tokens to drain various crypto assets from the platform.
GMX Offers Bounty for Recovery
In the wake of the breach, GMX recognized the technical sophistication of the exploit and offered a $5 million bounty for the return of the stolen funds. In a direct message to the hacker on X (formerly Twitter), the GMX team classified the bounty as a “white hat” offer, which would allow the attacker to legally utilize any returned funds, contingent on a significant recovery of the assets.
“You successfully executed the exploit; your capabilities are evident to anyone reviewing the transactions,” GMX stated, reiterating the continued availability of the $5 million bounty.
The GMX team emphasized that the bounty aims to mitigate legal risks linked to the use of stolen cryptocurrencies. Additionally, they offered to provide proof of the funds’ origin to assist the hacker in navigating compliance checks or audits.
Alongside the public bounty, GMX issued an on-chain ultimatum, threatening legal action within 48 hours if the funds were not returned in full.
