The team of the DeFi protocol Curve Finance has announced information about a new attempt to hijack its DNS. On May 12, a warning appeared on the project's official account on X that the domain curve.fi 'points to an improper IP address' and redirects users to a fraudulent site.
The Curve team assured that smart contracts and two-factor authentication remain secure, and that the issue is already being discussed with the registrar; however, user operations on the site may lead to the loss of funds.
At the same time, Blockaid recorded suspicious activity on the Curve frontend. According to analysts, this could be a repeat frontend attack, during which attackers replace interface elements to steal data or transaction signatures.
Users are strongly advised not to sign transactions and to completely refrain from interacting with the DApp until full control over the DNS is restored.
