ChainBleedv0.1 · open intel
← back to feed·2022-08-09 · 3y ago
Incident · SLOWMIST

Curve Finance

Malicious Code Injection Attack
Estimated loss
$428.0K
VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
▰ METHOD
Undisclosed
Root cause

Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.

Forensic narrative

The Curve Finance frontend was attacked, prompting users to grant token approvals to malicious smart contracts. The attackers moved the stolen funds to FixedFloat and Tornado Cash, with at least 362 ETH (~$620,000) stolen. FixedFloat tweeted that they had frozen 112 stolen ETH (~$192,000). Attack method (per SlowMist): Malicious Code Injection Attack. Reported loss: $ 428,000.

Primary source
https://twitter.com/CurveFinance/status/1557107088962224132
Sourced from
slowmist
Technical record
chain
protocol
Curve Finance
bug_class
unknown
date_occurred
2022-08-09
loss_usd
$428,000
source_id
sm:curve-finance::2022-08-09
Related — same bug class
2026-05-16
1mo ago
ETH
Adshares
Bridge-Minter Fake-Mint Exploit (wADS)
bridge
$628.0K
AMBIGUOUS
2026-05-15
1mo ago
MULTI
THORChain
Cross-Chain Router Exploit (multi-chain drain)
bridge
$10.70M
AMBIGUOUS
2026-05-13
1mo ago
BSC
Mail Token
BSC token contract exploit (vector undisclosed)
accounting
$54.6K
UNRATED
2026-05-13
1mo ago
ARB
ShapeShift FOX Colony (Colony Network)
executeMetaTransaction → resolver-repoint via setTarget → delegatecall drain
access-control
$132.7K
AUDIT-CATCHABLE
2026-05-13
1mo ago
ETH
Transit Finance
Contract Vulnerability
logic
$1.88M
UNRATED
2026-05-13
1mo ago
ETH
TAC Cross-Chain Layer (TON Side)
Contract Vulnerability
logic
$2.80M
UNRATED
ChainBleed — live web3 threat intelligence