曲线金融警告用户DNS劫持针对其网站的攻击

更新5月13日，上午12:33 UTC：本文已更新，以包括曲线金融中的更多信息。

Decentralized finance protocol Curve Finance has warned that a hacker has again hijacked its domain name system (DNS), sending users to a malicious website.

分散的金融协议曲线金融警告说，黑客再次劫持了其域名系统（DNS），将用户发送到恶意网站。

In the second attack on its infrastructure in a week, the “curve.fi DNS might be hijacked. Don’t interact!” the team said in a May 12 warning to X.

在一周内对其基础架构的第二次攻击中，“ curve.fi dns可能会被劫持。不要互动！”该小组在5月12日对X的警告中说。

In a follow-up post to a user asking whether it was a hack or a hijack, the Curve Team said the website "Points to the wrong IP" when users try to visit. A DNS works like a directory that translates domain names into IP addresses.

在给用户的后续文章中，询问是黑客还是劫持，曲线团队在用户尝试访问时说，网站“指向错误的IP”。 DNS的作用类似于将域名转换为IP地址的目录。

The team also said in another update that the "Password is secure," its two-factor authentication was set up a "long time ago," and a question has been sent to the "registrar now."

该团队还在另一份更新中表示，“密码是安全的”，其两因素身份验证是在“很久以前”设置的，并且已经将问题发送给“现在的注册商”。

”While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet! We are investigating and working on recovering the access. No sign of a compromise on our side,” Curve said.

Curve说：“尽管所有智能合约都是安全的，但域名指向一个恶意网站，该网站可能会耗尽您的钱包！我们正在调查并致力于恢复访问权限。我们这边没有妥协的迹象。”

Curve Finance was hit with a similar front end attack in August 2022. In a post-mortem, the consensus was that the attackers managed to clone the Curve Finance website and reroute the DNS server to the fake page.

曲线融资在2022年8月受到类似的前端攻击袭击。在验尸中，共识是攻击者设法克隆了曲线融资网站，并将DNS服务器重新路由转移到假页面上。

Users who attempted to use the platform had their funds drained into a pool operated by the attackers.

试图使用该平台的用户将其资金排入了攻击者经营的池中。

Decrypt has contacted Curve Finance for comment.

解密已联系曲线融资以供评论。

Onchain security firm Blockaid also detected unusual activity from the Curve website recently, warning users to stay away and avoid interacting for now.

OnChain安全公司最近还从曲线网站上检测到了异常活动，警告用户远离并避免目前进行互动。

It could be a case of a “potential frontend attack,” according to the security firm, which is when hackers target the part of the website users interact with, such as the buttons, forms, or text on the site, to steal sensitive data.

根据安全公司的说法，这可能是“潜在的前端攻击”的一种情况，这是黑客针对网站用户与网站上的按钮，表单或文本互动的部分来窃取敏感数据的情况。

“If you’re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved. We’re working closely with affected partners. More updates soon,” Blockaid said.

“如果您连接，请不要签署交易，避免与DAPP进行交互，直到解决问题为止。我们与受影响的合作伙伴紧密合作。很快会有更多更新。”

Earlier this year, reports suggested that a rising number of DeFi protocols were being targeted by hackers. According to Chainalysis, April saw $92 million in crypto stolen from DeFi in 12 separate incidents.

今年早些时候，报道表明，黑客的针对数量增加的DEFI协议。根据Chainalysis，April在12起单独的事件中从Defi中偷走了9200万美元的加密货币。

This is more than double the $41 million lost in March, and the highest total for any month since August 2022, when $143 million was stolen in seven separate incidents.

这是三月份损失的4100万美元的两倍以上，是自2022年8月以来的任何一个月的最高总数，当时1.43亿美元在七起单独的事件中被盗。

The large majority of the stolen funds were in Ether, and the majority of the protocols targeted were decentralized exchanges.

绝大多数被盗的资金都在以太，而目标的大多数是分散的交易所。