PANews reported on May 13, citing Cointelegraph, that the DeFi protocol Curve Finance issued a warning that its Domain Name System (DNS) has been hijacked a second time by hackers, leading users to malicious websites. On May 12, the Curve team posted a message on the X platform, reminding users that 'the DNS for curve.fi may have been hijacked, please do not interact.' The team explained that when users access the site, it points to the wrong IP address. DNS acts like a directory, responsible for converting domain names to IP addresses. The Curve team also stated that password security and two-factor authentication have been set up for a long time, and they have contacted the domain registrar. Although the smart contract is secure, the domain points to a malicious website, which could deplete users' wallet funds. The team is investigating and working to restore access, and no vulnerabilities have been found on their end.
The on-chain security company Blockaid has detected anomalies on the Curve website, warning users to stay away and avoid interactions, stating that this could be a 'potential front-end attack' where hackers steal data targeting user interactions. It reminds connected users not to sign transactions and to avoid interacting with the decentralized application, indicating that more updates will be released as soon as possible.
