Curve Finance suffered a frontend attack on Tuesday, forcing the decentralized exchange to take a closer look at the hack. The post-mortem revealed that the exploit was a ‘cache poisoning’ act specific to the domain name system (DNS). Simply put, this attack was all about compromising the DNS cache—ensuring that the web browser returns incorrect responses.
The attack led to a loss of about $570,000 in ETH. On Thursday, Curve Finance put out a tweet, suggesting users move to Ethereum Name Service (ENS) domains instead of sticking with DNS. Curve also referred to ENS as DNS’s crypto equivalent.
We have a brief report from @iwantmyname about what has happened. In brief: DNS cache poisoning, not nameserver compromise.https://t.co/PI1zR96M1Z
No one on the web is 100% safe from these of attacks. What has happened STRONGLY suggests to start moving to ENS instead of DNS
— Curve Finance (@CurveFinance) August 10, 2022
On the other hand, the popularity of ENS domains has been growing steadily as the merge approaches. In July alone, nearly 1.8 million ENS (.eth) domains were bought. ENS.eth (the official ENS page) reported the following stats for July:
- 378K new registrations
- 5,400 ETH in terms of revenue
- 48K new .eth accounts (excluding renewals)
With Curve batting for ENS domains as a safeguard against front-end hacks, we can expect .eth to soar even higher. Tried and tested over time, this domain-specific service relevant to the Ethereum ecosystem is far more resilient to front-end attacks such as the one experienced by Curve.Finance.