PANews reported on May 13 that according to Cointelegraph, DeFi protocol Curve Finance issued a warning that its domain name system (DNS) was hijacked by hackers for the second time, and users were directed to malicious websites. On May 12, the Curve team posted a message on the X platform, reminding users that "curve.fi's DNS may have been hijacked, please do not interact." The team explained that the website pointed to the wrong IP address when the user visited. DNS is like a directory, responsible for converting domain names to IP addresses. The Curve team also said that the password is safe, two-factor authentication has been set up for a long time, and the domain name registrar has been contacted. Although the smart contract is currently safe, the domain name points to a malicious website, which may drain the user's wallet funds. The team is investigating and working hard to restore access, and has not yet found any vulnerabilities.
On-chain security company Blockaid detected anomalies on the Curve website and warned users to stay away and avoid interacting, saying that this might be a "potential front-end attack" in which hackers targeted the user interaction part to steal data. It reminded connected users not to sign transactions and avoid interacting with the decentralized application, and said that more updates will be released as soon as possible.
