On May 12, 2025, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar.
On Thursday, May 12, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar. The hackers began sending its users to a malicious website, attempting to drain their wallets. This was the second attack on Curve Finance’s infrastructure in a week.
As part of a phishing campaign, users were directed to a website that was a non-functional decoy, designed only to trick users into providing wallet signatures. The hack hadn’t breached the protocol’s smart contracts and was limited to the DNS layer.
The DNS is a critical component of the internet that functions like a phonebook. It allows you to use simple, memorable domain names (such as facebook.com) instead of complex numerical IP addresses (like 192.168.1.1) for websites. DNS converts these user-friendly domain names into the IP addresses computers require to connect.
This is not the first time Curve Finance, a decentralized finance (DeFi) protocol, has suffered such an attack. Back in August 2022, Curve Finance faced an attack with similar tactics. The attackers had cloned the Curve Finance website and interfered with its DNS settings to send users to a duplicate version of the website. Users who tried using the platform ended up losing their money to the attackers. The project was using the same registrar, “iwantmyname,” at the time of the previous attack.