Curve Finance warns that their DNS has been attacked again

Onchain security company Blockaid speculates that this could be a front attack and advises not to sign transactions as well as to avoid interacting with Curve until the issue is resolved.

The decentralized finance (DeFi) protocol Curve Finance has warned that a hacker has once again compromised its domain name system (DNS), directing users to a malicious website.

In the second attack on its infrastructure within a week, "curve.fi DNS may be compromised. Do not interact!" the team said in a warning on May 12 to X.

In a subsequent post sent to users asking whether it was a hack or hijack, the Curve Team stated that the website "Points to the wrong IP" when users attempted to access it. DNS works like a directory translating domain names into IP addresses.

The team also stated in another update that "Safe password," their two-factor authentication has been set up "a long time ago" and a question has been sent to "the registrar right now".

"Although all smart contracts are safe, the domain points to a malicious website that could drain your wallet! We are investigating and working to restore access. There are no signs that we have been compromised," Curve stated.

Curve Finance was similarly attacked in August 2022. After an investigation, the overall conclusion was that the attackers had replicated the Curve Finance website and redirected the DNS servers to a counterfeit site.#CURVE