Decentralized finance (DeFi) protocol Curve Finance has warned that a hacker has again hijacked its domain name system (DNS), sending users to a malicious website.\u00a0\u00a0<\/p>\n
In the second attack on its infrastructure in a week, the \u201ccurve.fi DNS might be hijacked. Don\u2019t interact!\u201d the team said<\/a> in a May 12 warning to X.<\/p>\n In a follow-up post to a user asking whether it was a hack or a hijack<\/a>, the Curve Team said<\/a> the website \u201cPoints to the wrong IP\u201d when users try to visit. A DNS works like a directory that translates domain names into IP addresses.\u00a0<\/p>\n Source: <\/em>Curve Finance<\/em><\/a><\/p>\n The team also said<\/a> in another update that the \u201cPassword is secure,\u201d its two-factor authentication was set up a \u201clong time ago,\u201d and a question has been sent to the \u201cregistrar now.\u201d<\/p>\n \u201dWhile all smart contracts are safe, the domain name points to a malicious site which can drain your wallet! We are investigating and working on recovering the access. No sign of a compromise on our side,\u201d Curve said<\/a>. <\/p>\n Curve Finance was hit with a similar front end attack in August 2022<\/a>. In a post-mortem,\u00a0 the consensus was that the attackers managed to clone the Curve Finance website<\/a> and reroute the DNS server to the fake page.<\/p>\n Users who attempted to use the platform had their funds drained into a pool operated by the attackers.<\/p>\n Cointelegraph has contacted Curve Finance for comment. <\/p>\n Onchain security firm Blockaid also detected unusual activity from the Curve website recently, warning users to stay away and avoid interacting for now.<\/p>\n It could be a case of a \u201cpotential frontend attack,\u201d according<\/a> to the security firm, which is when hackers target<\/a> the part of the website users interact with, such as the buttons, forms, or text on the site, to steal sensitive data.<\/p>\n Source: <\/em>Blockaid<\/em><\/a><\/p>\n \u201cIf you\u2019re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved. We\u2019re working closely with affected partners. More updates soon,\u201d Blockaid said.<\/p>\n Related: <\/strong><\/em>Crypto hackers hit DeFi for $92M in April as attacks double from March<\/strong><\/em><\/a><\/p>\n This is the second time Curve Finance has been targeted in the last week. On May 5, a hacker took over its <\/a>official X<\/a> handle. <\/p>\n \u201cTo clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, and there were no victims of phishing links that the hacker posted,\u201d the team said in a follow-up May 6 post.\u00a0<\/p>\n Source: <\/em>Curve Finance<\/em><\/a><\/p>\n Access to the Curve Finance X account was restored quickly, and the cause is still under investigation.<\/p>\n A slew of other high-profile X accounts have also been taken over by bad actors this year<\/a>. On May 2, the Tron DAO account was hijacked; meanwhile, on April 15, a member of the UK\u2019s Parliament, Lucy Powell, had her account taken over to promote a scam crypto token<\/a> called the House of Commons Coin (HOC).<\/p>\nCurve Finance potential front-end attack<\/h2>\n
Second attack in a week<\/h2>\n