Hackers that target crypto protocols have the size of the methods to be used. Thus, they can attack smart contracts directly which have bugs. However, most of the time, it is much easier to use web2 flaws rather than trying to attack web3 components, which are mostly the subject of audits. For example, attacks of the “DNS Hijacking” type are relatively frequent. The curve protocol has just paid the price.
- Curve, a renowned decentralized exchange in the DEFI, was the target of a Hijacking DNS attack, redirecting users to a malicious site.
- Despite a secure infrastructure, the attack exploited flaws in the DNS supplier, a threat already experienced by Curve in August 2022.
Curve victim of a hijacking DNS
Curve is a decentralized exchange widely known in the DEFI sphere. Although its on-chain infrastructure seems to be most robust, certain components of its application are prey to attempts at attack.
This is particularly the case with his websitewhich is the main interface between users and smart contracts deployed on-chain. Unfortunately, it is exactly this piece of the puzzle that hackers have targeted.
Thus, Monday, May 12, the curve teams have alert of DNS Hijacking in progress Via X.
« Although all intelligent contracts are sure, the domain name points to a malicious site that can empty your wallet! » We investigate and work to recover access. No sign of compromise on our side. »»
Finally, they have succeeded in restoring the situation By abandoning the old domain name and passing over a new one. However, it is difficult to know if users have been impacted by the attack.
What is a hijacking dns
DNS Hijacking is one of the many attacks available to hackers. To understand it, you must first explain what a DNS is.
A DNS, for Domain Name Service, is a service that will do the Link between a domain name and the server IP address that hosts a website.
Thus, the DNS Hijacking consists in redirecting DNS requests to servers controlled by hackers. As a result, when users wish to access the website, without knowing it, they are redirected to an exact copy of the site controlled by hackers.
They can then sipy any Wallet that connects. This is a very insidious vector of attack, because even paying attention to every detail of the URL, the user is unable to have that he is on a fraudulent version of the site he wishes to visit.
Unfortunately for Curve, there was not much to do on their side. Indeed, as explain On X, the attack seems to be targeted their DNS supplier.
“This incident is not linked to a violation of internal systems. Curve has a solid security framework and in accordance with sector standards, including password protection and two factors authentication (2FA), etc., set up well before the incident, and none of which has been bypassed. »»
Certainly, these DNS are a curse for curve. Indeed, in August 2022, the protocol had already been the victim of a Hijacking DNS.
In 2024, the founder of Defillama had sounded the alarm in the face of this threat. According to him, more than one hundred protocols could then be the victim of this type of attack.