Curve Finance has warned users not to communicate interaction with his website after a domain name system has focused on a malignant clone designed to dispose of portfolios.
The Defi platform on 12 May issued A warning for X, warning users who “Curve.fi DNS can be hijacked” and advise against any interaction.
The incident includes the DNS of the official website of Curve that is diverted into a malignant front -end. In a Frontend Kaping, attackers compromise the user-oriented layer of a website, including interface elements such as buttons, forms and scripts, to intercept user input or to mislead them to authorize malicious transactions.
Visiting the compromised domain can cause users to connect portfolios and unconsciously give attackers access to their funds.
In a follow -up date, Curve Finance clarified that although the smart contracts of Curve remain safe, the domain now ‘points to the wrong IP’.
According to the Curve team, the two-factor authentication of the platform remains safe and a request for support has been submitted to the domain registrar to reclaim control of the DNS.
From the last update, the team said it is still investigating the incident and it has encouraged users to refrain from interacting with the website until the correct domain settings have been restored.
“The hackers hardly tried,” said David Zhang, co-founder of Web3 Fiat Onlamp stable. In an X -message Zhang pointed out that the hijacking brought little more than a drainer -link embedded in a clickable screenshot.
For Curve this was the second time that the DNS had been hijacked. In August 2022, attackers operated a similar vulnerability, but at the time more than $ 570,000 were transferred to Crypto assets before the issue was admitted.
Binance froze more than $ 450,000 After the attacker tried to move assets through his stock exchange, while the fixed float restored around 112 ETH. Curve later changed his DNS provider and advised users to withdraw approvals to the compromised domain.
The incident also seemed to weigh on market sentiment, with CRV, the native token of Curve Dao, more than 7% in the last 24 hours during writing.
The newest DNS hooding comes only a few days after the X account of Curve Finance was affected. On May 5, a hacker briefly took control of the social media of the platform, using the account to post phishing links. The incident was quickly detained and Curve later clarified that no user funds were influenced.
“No security problems were found on our side, no user funds were influenced, no victims of phishing left who placed the hacker. All curve systems remain fully operational,” wrote Curve Finance in a 6 May X after.
In recent weeks, similar attacks have aimed at X accounts from various other crypto projects and public figures, often to spread phishing -links or to promote swindling docks.
