Convex Finance Launches Two URLs After Spoofing Exploit
Angel investor Alexintosh first flagged that Convex Finance was asking for user approval to an unverified smart contract address on July 23rd.Following the incident, the staking platform confirmed the hijack of its DNS that led users to unassumingly approve malicious contracts for some interactions on the website.
The exploiter sent the stolen funds to a “Convex Phisher Deposits” flagged wallet flagged that shows a small amount of crypto from the affected users before moving most of it to the coin mixer, Tornado Cash, to hide the tracks. Furthermore, a crypto tracking and compliance platform MistTrack revealed that Ribbon Finance, a decentralized structured products protocol, also suffered a DNS hijacking attack, wherein a victim reportedly lost 16.5 WBTC. On-chain analysis suggests that it was the same attacker as Convex.
