曲线金融警告用户其网站再次被黑客劫持

分散的金融（DEFI）协议曲线财务已警告说，黑客再次劫持了其域名系统（DNS），将用户发送到恶意网站。

Decentralized finance (DeFi) protocol Curve Finance has warned that a hacker has again hijacked its domain name system (DNS), sending users to a malicious website.

分散的金融（DEFI）协议曲线财务已警告说，黑客再次劫持了其域名系统（DNS），将用户发送到恶意网站。

In the second attack on its infrastructure in a week, the “curve.fi DNS might be hijacked. Don’t interact!” the team said in a May 12 warning to X.

在一周内对其基础架构的第二次攻击中，“ curve.fi dns可能会被劫持。不要互动！”该小组在5月12日对X的警告中说。

In a follow-up post to a user asking whether it was a hack or a hijack, the Curve Team said the website “Points to the wrong IP" when users try to visit. A DNS works like a directory that translates domain names into IP addresses.

在给用户的后续文章中，询问是黑客还是劫持，曲线团队在用户尝试访问时说，网站“指向错误的IP”。 DNS的作用类似于将域名转换为IP地址的目录。

The team also said in another update that the “Password is secure,” its two-factor authentication was set up a “long time ago,” and a question has been sent to the “registrar now.”

该团队还在另一份更新中表示，“密码是安全的”，其两因素身份验证是在“很久以前”设置的，并且已将问题发送给“注册商”。

”While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet! We are investigating and working on recovering the access. No sign of a compromise on our side,” Curve said.

Curve说：“尽管所有智能合约都是安全的，但域名指向一个恶意网站，该网站可能会耗尽您的钱包！我们正在调查并致力于恢复访问权限。我们这边没有妥协的迹象。”

Curve Finance was hit with a similar front end attack in August 2022. In a post-mortem, the consensus was that the attackers managed to clone the Curve Finance website and reroute the DNS server to the fake page.

曲线融资在2022年8月受到类似的前端攻击袭击。在验尸中，共识是攻击者设法克隆了曲线融资网站，并将DNS服务器重新路由转移到假页面上。

Users who attempted to use the platform had their funds drained into a pool operated by the attackers.

试图使用该平台的用户将其资金排入了攻击者经营的池中。

Cointelegraph has contacted Curve Finance for comment.

Cointelegraph已联系曲线融资以供评论。

Onchain security firm Blockaid also detected unusual activity from the Curve website recently, warning users to stay away and avoid interacting for now.

OnChain安全公司最近还从曲线网站上检测到了异常活动，警告用户远离并避免目前进行互动。

It could be a case of a “potential frontend attack,” according to the security firm, which is when hackers target the part of the website users interact with, such as the buttons, forms, or text on the site, to steal sensitive data.

根据安全公司的说法，这可能是“潜在的前端攻击”的一种情况，这是黑客针对网站用户与网站上的按钮，表单或文本互动的部分来窃取敏感数据的情况。

“If you’re connected, please refrain from signing transactions and avoid interactions with the DApp until the issue is resolved. We’re working closely with affected partners. More updates soon,” Blockaid said.

“如果您连接，请不要签署交易，避免与DAPP进行交互，直到解决问题为止。我们与受影响的合作伙伴紧密合作。很快会有更多更新。”

This is the second time Curve Finance has been targeted in the last week. On May 5, a hacker took over its official X handle.

这是上周第二次曲线融资。 5月5日，一名黑客接管了其官方的X手柄。

“To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds were impacted, and there were no victims of phishing links that the hacker posted,” the team said in a follow-up May 6 post.

该团队在5月6日的后续帖子中说：“澄清：该事件严格限于X帐户。没有其他曲线帐户受到影响。在我们这边没有发现安全问题，没有影响用户资金，也没有黑客发布的网络钓鱼链接的受害者。”

Access to the Curve Finance X account was restored quickly, and the cause is still under investigation.

访问曲线金融X帐户的访问很快就恢复了，原因仍在调查中。

A slew of other high-profile X accounts have also been taken over by bad actors this year. On May 2, the Tron DAO account was hijacked; meanwhile, on April 15, a member of the UK’s Parliament, Lucy Powell, had her account taken over to promote a scam crypto token called the House of Commons Coin (HOC).

今年，不好的演员也接管了许多其他备受瞩目的X帐户。 5月2日，Tron Dao帐户被劫持；同时，在4月15日，英国议会的一名成员露西·鲍威尔（Lucy Powell）接管了她的帐户，以推广一个名为Commons Coin House of Commons Coin（HOC）的骗局加密令牌。