Curve Finance warns its DNS has been hijacked again

Update May 13, 12:33 am UTC: This article has been updated to include more information from Curve Finance.

Decentralized finance (DeFi) protocol Curve Finance has warned that a hacker has again hijacked its domain name system (DNS), sending users to a malicious website.

In the second attack on its infrastructure in a week, the “curve.fi DNS might be hijacked. Don’t interact!” the teamsaidin a May 12 warning to X.

In a follow-up post to a user asking whether it wasa hack or a hijack, the Curve Teamsaidthe website “Points to the wrong IP” when users try to visit. A DNS works like a directory that translates domain names into IP addresses.

The team alsosaidin another update that the “Password is secure,” its two-factor authentication was set up a “long time ago,” and a question has been sent to the “registrar now.”

”While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet! We are investigating and working on recovering the access. No sign of a compromise on our side,” Curvesaid.

Curve Finance was hit with a similarfront end attack in August 2022. In a post-mortem,  the consensus was thatthe attackers managed to clone the Curve Finance websiteand reroute the DNS server to the fake page.

Users who attempted to use the platform had their funds drained into a pool operated by the attackers.

Cointelegraph has contacted Curve Finance for comment.

Curve Finance potential front-end attack

Onchain security firm Blockaid also detected unusual activity from the Curve website recently, warning users to stay away and avoid interacting for now.

It could be a case of a “potential frontend attack,”accordingto the security firm, which is when hackerstargetthe part of the website users interact with, such as the buttons, forms, or text on the site, to steal sensitive data.

“If you’re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved. We’re working closely with affected partners. More updates soon,” Blockaid said.

Related:Crypto hackers hit DeFi for $92M in April as attacks double from March

Second attack in a week

This is the second time Curve Finance has been targeted in the last week. On May 5,a hacker took over itsofficial Xhandle.

“To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, and there were no victims of phishing links that the hacker posted,” the team said in a follow-up May 6 post.

Access to the Curve Finance X account was restored quickly, and the cause is still under investigation.

A slew of other high-profile X accounts have also beentaken over by bad actors this year. On May 2, the Tron DAO account was hijacked; meanwhile, on April 15, a member of the UK’s Parliament, Lucy Powell, hadher account taken over to promote a scam crypto tokencalled the House of Commons Coin (HOC).

Magazine:Financial nihilism in crypto is over — It’s time to dream big again

Explore more articles like this

Subscribe to the Finance Redefined newsletter

A weekly toolkit that breaks down the latest DeFi developments, offers sharp analysis, and uncovers new financial opportunities to help you make smart decisions with confidence. Delivered every Friday

By subscribing, you agree to ourTerms of Services and Privacy Policy