Curve Finance Issues Warning After DNS Hijack Incident
Curve Finance recently issued a warning to its users to avoid interacting with its website due to a domain name system hijack that redirected users to a malicious clone designed to drain wallets. The DeFi platform alerted users on X on May 12, cautioning them that the curve.fi DNS might be hijacked and advising against any interaction.
The incident involved the DNS of Curve’s official website being rerouted to a malicious front end. In a front-end hijack, attackers compromise the user-facing layer of a website, including interface elements like buttons, forms, and scripts, to intercept user inputs or trick users into authorizing malicious transactions.
Users who visit the compromised domain could be led to connect their wallets and unknowingly give attackers access to their funds. Curve Finance clarified that its smart contracts remain secure, but the domain now points to the wrong IP address.
The Curve team assured users that the platform’s two-factor authentication remains secure, and a support request has been submitted to the domain registrar to regain control of the DNS. They are currently investigating the incident and have urged users to refrain from interacting with the website until the correct domain settings are restored.
David Zhang, co-founder of Web3 fiat onramp Stably, pointed out that the hackers used a simple drainer link embedded in a clickable screenshot to carry out the hijack. This is not the first time Curve’s DNS has been hijacked, as a similar vulnerability was exploited in August 2022, resulting in over $570,000 worth of crypto assets being siphoned before the issue was resolved.
Following the August 2022 incident, Binance froze over $450,000 of assets and FixedFloat recovered around 112 ETH. Curve Finance subsequently changed its DNS provider and advised users to revoke approvals linked to the compromised domain. The recent DNS hijack also affected market sentiment, with CRV, the native token of Curve DAO, down over 7% in the past 24 hours.
This incident comes shortly after Curve Finance’s X account was compromised on May 5, when a hacker briefly took control of the platform’s social media handle to post phishing links. However, no user funds were affected, and Curve confirmed that all systems remain fully operational.
Similar attacks targeting X accounts of various crypto projects and public figures have been on the rise in recent weeks, often used to spread phishing links or promote scam tokens. It is crucial for users to remain vigilant and exercise caution when interacting with online platforms to protect their assets and personal information.