  • DNS Hijacking Strikes Again: How Curve Finance Users Were Targeted

    On May 12, 2025, at 20:55 UTC, hackers successfully hijacked the DNS (Domain Name System) of Curve Finance, redirecting users to a malicious website designed to steal their crypto assets. This marked the second attack on Curve’s infrastructure in just one week, raising serious concerns about DeFi security vulnerabilities.


    How the Attack Unfolded

    • Attack Method: Hackers compromised the ".fi" domain registrar, altering DNS records to redirect traffic.

    • User Impact: Visitors were sent to a fake Curve Finance website that prompted them to sign malicious transactions.

    • Key Detail: The smart contracts remained secure—only the front-end interface was affected.


    What is DNS Hijacking?

    The Domain Name System (DNS) acts like the internet’s phonebook, translating human-readable domains (e.g., curve.fi) into machine-readable IP addresses. When attackers hijack DNS:
    ✔ They redirect users to fake sites without their knowledge.
    ✔ They steal login credentials, wallet approvals, and funds.
    ✔ The attack leaves no on-chain traces until it’s too late.

    Common DNS Hijacking Techniques

    | Type | Description |
    |---|---|
    | Local DNS Hijack | Malware alters DNS settings on a victim’s device. |
    | Router Hijack | Hackers change DNS settings on a Wi-Fi router. |
    | Registrar-Level Hijack | Attackers compromise the domain registrar (as in Curve’s case). |
    | Man-in-the-Middle (MITM) | Intercepts and modifies DNS queries in transit. |

    Curve Finance’s Response

    1. Immediate Mitigation

      • Redirected curve.fi to neutral nameservers, taking the site offline.

      • Launched a temporary secure front-end at curve.finance.

    2. User Protection Measures

      • Alerted users via official channels (Twitter, Discord).

      • Requested a takedown of the compromised domain.

    3. Long-Term Security Upgrades

      • Evaluating decentralized alternatives (ENS, IPFS).

      • Strengthening registrar security (MFA, domain locking).

    (Image: Comparison of legitimate vs. fake Curve Finance site)


    How Crypto Projects Can Prevent DNS Hijacking

    Adopt Decentralized Web Solutions

    • Use Ethereum Name Service (ENS) instead of traditional DNS.

    • Host front-ends on IPFS or Arweave for censorship resistance.

    Enhance Registrar Security

    • Enable DNSSEC (DNS Security Extensions).

    • Require multi-factor authentication (MFA) for domain management.

    Educate Users

    • Encourage bookmarking official URLs.

    • Warn against unverified transaction prompts.
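A registrar-level hijack changes what the parent zone publishes for the domain, so a pinned baseline of the delegation, the DNSSEC DS set and the front-end addresses lets a project notice the change quickly. The sketch below is an added example, not code from Curve Finance or from this article; the snapshot format, hostnames, key tags and IP addresses are constructed, and it assumes the observed snapshot is collected separately (for example by querying the TLD's authoritative servers).

```python
# Added example: compare an observed DNS snapshot against a pinned baseline.
# The snapshot format, hostnames, key tags and IPs are all constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    ns: frozenset  # nameservers delegated at the parent (TLD) zone
    ds: frozenset  # DS key tags at the parent; empty means DNSSEC is off
    a: frozenset   # A records served for the front-end host

def snapshot(ns, ds, a):
    # Normalise hostnames so case and trailing dots do not cause false alerts.
    names = frozenset(n.strip().rstrip(".").lower() for n in ns)
    return Snapshot(names, frozenset(ds), frozenset(a))

def drift(baseline, observed):
    """Return (severity, message) findings, critical ones first."""
    findings = []
    if observed.ns != baseline.ns:
        added = sorted(observed.ns - baseline.ns)
        removed = sorted(baseline.ns - observed.ns)
        findings.append(("critical", f"NS delegation changed: +{added} -{removed}"))
    if baseline.ds and not observed.ds:
        findings.append(("critical", "DS removed at parent: DNSSEC chain broken"))
    elif observed.ds != baseline.ds:
        findings.append(("high", "DS set changed: confirm a planned key rollover"))
    unexpected = sorted(observed.a - baseline.a)
    if unexpected:
        # New addresses alongside a delegation or DS change are treated as critical.
        severity = "critical" if findings else "high"
        findings.append((severity, f"unexpected A records: {unexpected}"))
    return sorted(findings, key=lambda f: f[0] != "critical")

BASELINE = snapshot(["ns1.dns-provider.example.", "ns2.dns-provider.example."],
                    [12345], ["192.0.2.10"])
HIJACKED = snapshot(["ns1.unknown-host.example", "ns2.unknown-host.example"],
                    [], ["203.0.113.66"])
ROLLOVER = snapshot(["NS1.dns-provider.example", "ns2.dns-provider.example."],
                    [54321], ["192.0.2.10"])

if __name__ == "__main__":
    for label, snap in (("hijacked", HIJACKED), ("rollover", ROLLOVER)):
        for severity, message in drift(BASELINE, snap):
            print(f"{label}: [{severity}] {message}")
```

Run on a schedule from a network vantage point the project does not otherwise depend on, and route critical findings to the same channel used for user alerts.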


    Why This Matters for DeFi

    • Centralized Weak Points: Even decentralized protocols rely on centralized DNS, creating vulnerabilities.

    • Growing Threat: DNS hijacks are increasingly common in crypto (see 2023 Curve attack).

    • User Protection Needed: Projects must balance decentralization with security.

     

    Source

    Curve Finance

     



