The team behind Convex Finance, a protocol built on top of the Curve DEX liquidity pool, said Thursday that its website DNS was hijacked.
The disclosure came hours after warnings first emerged on social media. The intent of the hijacking was to try and lure targets into approving malicious smart contracts. The Convex team said “[f]unds on verified contracts are unaffected.”
“Issue is remediated at this time, but investigation is ongoing. Full post-mortem to follow,” the team said.
Convex also posted a list of addresses that approved the contracts and encouraged them to contact the Convex team.