Decentralized finance (DeFi) protocol Curve Finance has warned {that a} hacker has once more hijacked its area title system (DNS), sending customers to a malicious web site.  

Within the second assault on its infrastructure in every week, the “curve.fi DNS might be hijacked. Don’t interact!” the workforce mentioned in a Might 12 warning to X.

In a follow-up submit to a consumer asking whether or not it was a hack or a hijack, the Curve Staff mentioned the web site “Points to the wrong IP” when customers attempt to go to. A DNS works like a listing that interprets domains into IP addresses. 

The workforce additionally mentioned in one other replace that the “Password is secure,” its two-factor authentication was arrange a “long time ago,” and a query has been despatched to the “registrar now.”

”Whereas all sensible contracts are secure, the area title factors to a malicious website which may drain your pockets! We’re investigating and dealing on recovering the entry. No signal of a compromise on our aspect,” Curve mentioned.

Curve Finance was hit with an analogous entrance finish assault in August 2022. In a autopsy,  the consensus was that the attackers managed to clone the Curve Finance web site and reroute the DNS server to the faux web page.

Customers who tried to make use of the platform had their funds drained right into a pool operated by the attackers.

Cointelegraph has contacted Curve Finance for remark.

Curve Finance potential front-end assault

Onchain safety agency Blockaid additionally detected uncommon exercise from the Curve web site just lately, warning customers to remain away and keep away from interacting for now.

It may very well be a case of a “potential frontend attack,” in accordance to the safety agency, which is when hackers goal the a part of the web site customers work together with, such because the buttons, kinds, or textual content on the positioning, to steal delicate information.

“If you’re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved. We’re working closely with affected partners. More updates soon,” Blockaid mentioned.

Associated: Crypto hackers hit DeFi for $92M in April as assaults double from March

Second assault in every week

That is the second time Curve Finance has been focused within the final week. On Might 5, a hacker took over the official X deal with.

“To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, and there were no victims of phishing links that the hacker posted,” the workforce mentioned in a follow-up Might 6 submit. 

Entry to the Curve Finance X account was restored rapidly, and the trigger remains to be below investigation.

A slew of different high-profile X accounts have additionally been taken over by dangerous actors this yr. On Might 2, the Tron DAO account was hijacked; in the meantime, on April 15, a member of the UK’s Parliament, Lucy Powell, had her account taken over to advertise a rip-off crypto token referred to as the Home of Commons Coin (HOC).

Journal: Monetary nihilism in crypto is over — It’s time to dream large once more