Curve Finance under siege again
cryptonews

Curve Finance under siege again

kriptoworld
by kriptoworld

-

710
0

Curve Finance just got hit, again. They suffered a breach earlier this week, and this is the second cyber attack this month.

The bad guys pulled a move called a DNS hijack, redirecting Curve’s website visitors to some shady, malicious site.

Instead of landing on Curve’s legit platform, users got sent straight into the lion’s den, risking their wallets getting drained.

Enemies at the gates

Curve was quick to jump on X, waving the red flag and warning users don’t interact, as the curve.fi DNS might be hijacked.

X

They clarified it wasn’t a hack on their smart contracts, those stayed untouched, but the website itself was compromised.

The hackers messed with the domain’s address, sending users to a fake site designed to steal funds. That’s the dirty trick here.

The Curve team reassured everyone that their passwords and two-factor authentication were intact, and they’re scrambling to wrest control back from the crooks.

Meanwhile, on-chain security watchdog Blockaid spotted the suspicious activity and warned users to freeze all interactions with Curve until the all-clear sounds. No signing transactions, no swapping tokens, just sit tight.

Victims

Unfortunately, the fallout doesn’t stop at Curve. Other DeFi projects, like Convex Finance and Resupply, which rely on Curve’s data feeds, got caught in the crossfire.

Their services stumbled, operations hiccupped, and users felt the ripple effects. Both teams said their core systems are safe, but until Curve’s domain is fully restored, the pain continued.

Now, if you’re wondering what DNS hijacking even means, think of it as the cyber equivalent of a crooked street sign.

Instead of pointing you to the right place, it sends you down a dark alley where the bad guys wait to rob you blind.

It’s a reminder that while DeFi’s smart contracts are tough nuts to crack, their web frontends? Maybe not so much.

Risk

Curve’s no stranger to the drama. Just last week, their official X account got hijacked, though luckily no user funds vanished.

And back in 2022, a similar DNS breach led to a $570,000 ETH theft, laundered faster than you can say blockchain. The scars run deep.

So, DeFi protocols gotta beef up front-end security, pronto. Because no matter how bulletproof smart contracts are, if the website’s a sitting duck, the whole house of cards can come tumbling down.


Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.

Previous article
Ethereum Foundation Starts Trillion Dollar Security Initiative to Replace Old Systems
Next article
Cardano joins Brave browser

LATEST POSTS

Tech

MediaTek Vulnerability Exposed Crypto Seed Phrases on Android Phones

A MediaTek vulnerability allowed attackers to steal crypto seed phrases from some Android phones in about 45 seconds, according to Ledger’s Donjon security team. The...
cryptonews

Binance.US CEO Change Puts Stephen Gregory at Center of US Expansion Plan

Binance.US has named Stephen Gregory as its new chief executive officer as the crypto exchange moves deeper into its next phase in the US crypto...
cryptonews

Tether Invests $50M in Eight Sleep as AI Sleep Tracking Startup Reaches $1.5B Valuation

Tether led a $50 million investment round in Eight Sleep, an AI sleep tracking and sleep technology startup. The round valued Eight Sleep at $1.5...
cryptonews

Binance Says Sanctions Exposure Fell 97% Since 2024 as Iran Links Come Under Fresh Focus

Binance said its Binance sanctions exposure dropped about 97% since January 2024. The exchange said its exchange volume exposure tied to sanctioned entities now sits...
Load more

Follow us on X too!

123FollowersFollow

Most Popular

Guest posts