曲線金融警告用戶其網站再次被黑客劫持

分散的金融（DEFI）協議曲線財務已警告說，黑客再次劫持了其域名系統（DNS），將用戶發送到惡意網站。

Decentralized finance (DeFi) protocol Curve Finance has warned that a hacker has again hijacked its domain name system (DNS), sending users to a malicious website.

分散的金融（DEFI）協議曲線財務已警告說，黑客再次劫持了其域名系統（DNS），將用戶發送到惡意網站。

In the second attack on its infrastructure in a week, the “curve.fi DNS might be hijacked. Don’t interact!” the team said in a May 12 warning to X.

在一周內對其基礎架構的第二次攻擊中，“ curve.fi dns可能會被劫持。不要互動！”該小組在5月12日對X的警告中說。

In a follow-up post to a user asking whether it was a hack or a hijack, the Curve Team said the website “Points to the wrong IP" when users try to visit. A DNS works like a directory that translates domain names into IP addresses.

在給用戶的後續文章中，詢問是黑客還是劫持，曲線團隊在用戶嘗試訪問時說，網站“指向錯誤的IP”。 DNS的作用類似於將域名轉換為IP地址的目錄。

The team also said in another update that the “Password is secure,” its two-factor authentication was set up a “long time ago,” and a question has been sent to the “registrar now.”

該團隊還在另一份更新中表示，“密碼是安全的”，其兩因素身份驗證是在“很久以前”設置的，並且已將問題發送給“註冊商”。

”While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet! We are investigating and working on recovering the access. No sign of a compromise on our side,” Curve said.

Curve說：“儘管所有智能合約都是安全的，但域名指向一個惡意網站，該網站可能會耗盡您的錢包！我們正在調查並致力於恢復訪問權限。我們這邊沒有妥協的跡象。”

Curve Finance was hit with a similar front end attack in August 2022. In a post-mortem, the consensus was that the attackers managed to clone the Curve Finance website and reroute the DNS server to the fake page.

曲線融資在2022年8月受到類似的前端攻擊襲擊。在驗屍中，共識是攻擊者設法克隆了曲線融資網站，並將DNS服務器重新路由轉移到假頁面上。

Users who attempted to use the platform had their funds drained into a pool operated by the attackers.

試圖使用該平台的用戶將其資金排入了攻擊者經營的池中。

Cointelegraph has contacted Curve Finance for comment.

Cointelegraph已聯繫曲線融資以供評論。

Onchain security firm Blockaid also detected unusual activity from the Curve website recently, warning users to stay away and avoid interacting for now.

OnChain安全公司最近還從曲線網站上檢測到了異常活動，警告用戶遠離並避免目前進行互動。

It could be a case of a “potential frontend attack,” according to the security firm, which is when hackers target the part of the website users interact with, such as the buttons, forms, or text on the site, to steal sensitive data.

根據安全公司的說法，這可能是“潛在的前端攻擊”的一種情況，這是黑客針對網站用戶與網站上的按鈕，表單或文本互動的部分來竊取敏感數據的情況。

“If you’re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved. We’re working closely with affected partners. More updates soon,” Blockaid said.

“如果您連接，請不要簽署交易，避免與DAPP進行交互，直到解決問題為止。我們與受影響的合作夥伴緊密合作。很快會有更多更新。”

This is the second time Curve Finance has been targeted in the last week. On May 5, a hacker took over its official X handle.

這是上週第二次曲線融資。 5月5日，一名黑客接管了其官方的X手柄。

“To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, and there were no victims of phishing links that the hacker posted,” the team said in a follow-up May 6 post.

該團隊在5月6日的後續帖子中說：“澄清：該事件嚴格限於X帳戶。沒有其他曲線帳戶受到影響。在我們這邊沒有發現安全問題，沒有影響用戶資金，也沒有黑客發布的網絡釣魚鏈接的受害者。”

Access to the Curve Finance X account was restored quickly, and the cause is still under investigation.

訪問曲線金融X帳戶的訪問很快就恢復了，原因仍在調查中。

A slew of other high-profile X accounts have also been taken over by bad actors this year. On May 2, the Tron DAO account was hijacked; meanwhile, on April 15, a member of the UK’s Parliament, Lucy Powell, had her account taken over to promote a scam crypto token called the House of Commons Coin (HOC).

今年，不好的演員也接管了許多其他備受矚目的X帳戶。 5月2日，Tron Dao帳戶被劫持；同時，在4月15日，英國議會的一名成員露西·鮑威爾（Lucy Powell）接管了她的帳戶，以推廣一個名為Commons Coin House of Commons Coin（HOC）的騙局加密令牌。