2025年5月12日,UTC 20:55 Hackers在設法訪問註冊商後,劫持了曲線融資的“ .fi”域名系統(DNS)。
On Thursday, May 12, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar. The hackers began sending its users to a malicious website, attempting to drain their wallets. This was the second attack on Curve Finance’s infrastructure in a week.
5月12日,星期四,UTC 20:55 Hackers在設法訪問註冊商後劫持了曲線融資的“ .fi”域名系統(DNS)。黑客開始將用戶發送到惡意網站,試圖瀝乾錢包。這是一周內對Curve Finance基礎設施的第二次攻擊。
As part of a phishing campaign, users were directed to a website that was a non-functional decoy, designed only to trick users into providing wallet signatures. The hack hadn’t breached the protocol’s smart contracts and was limited to the DNS layer.
作為網絡釣魚活動的一部分,用戶被指向一個非功能誘餌的網站,旨在誘使用戶提供錢包簽名。該黑客沒有違反協議的智能合約,並且僅限於DNS層。
The DNS is a critical component of the internet that functions like a phonebook. It allows you to use simple, memorable domain names (such as facebook.com) instead of complex numerical IP addresses (like 192.168.1.1) for websites. DNS converts these user-friendly domain names into the IP addresses computers require to connect.
DNS是Internet的關鍵組成部分,其功能像電話簿一樣。它使您可以將簡單,令人難忘的域名(例如Facebook.com)而不是複雜的數字IP地址(例如192.168.1.1)用於網站。 DNS將這些用戶友好的域名轉換為計算機所需的IP地址。
This is not the first time Curve Finance, a decentralized finance (DeFi) protocol, has suffered such an attack. Back in August 2022, Curve Finance faced an attack with similar tactics. The attackers had cloned the Curve Finance website and interfered with its DNS settings to send users to a duplicate version of the website. Users who tried using the platform ended up losing their money to the attackers. The project was using the same registrar, “iwantmyname,” at the time of the previous attack.
這不是第一次曲線融資,是一種分散的財務(DEFI)協議,遭受了這種攻擊。早在2022年8月,Curve Finance就面臨著類似戰術的攻擊。攻擊者已將曲線融資網站克隆,並干擾了其DNS設置,以將用戶發送到該網站的重複版本。嘗試使用該平台的用戶最終將錢損失給攻擊者。該項目在上一次攻擊時使用了同一註冊服務商“ Iwantmyname”。
