Curve Finance has more answers to this week’s $570,000 frontend attack.
A recent report conducted with domain registrar company iwantmyname, the domain host for the decentralized exchange, indicated that Tuesday’s hack was a result of “DNS cache poisoning, not nameserver compromise.”
On August 9, Curve notified users that it had suffered a frontend attack where the nameserver, curve.fi, was compromised, leading to $570,000 of Ethereum (ETH) being stolen from users.
It reported that the platform was targeted through a compromise in the hosted domain name service infrastructure. Hackers cloned the records in the server to mimic the original server, known as DNS cache poisoning.
This attack redirects users to a page of the attacker’s choosing, tricking people into thinking it is the original domain and using the site as usual.
Beyond outlining the attack method, Curve also said that “What has happened strongly suggests to start moving to ENS instead of DNS,” referring to the crypto equivalent of DNS—a namesource that translates the IP address into the page for users—called the Ethereum Name Service.
Moving to ENS, as Curve suggested, will reportedly prevent such frontend hacks from happening in the future.
Curve Finance has yet to respond to Decrypt’s inquiries on the matter.
What is Ethereum Name Service?
Etheruem Name Service, or ENS, has been made popular of late thanks to its ability to turn the long string of letters and numbers that is crypto addresses into human-readable addresses.
Instead of that clunky crypto address, one could instead into something like “satoshi.eth” using ENS. And as you can imagine, that “.eth” suffix looks similar to the DNS-native “.com.”
But insofar as the service exists on the Ethereum blockchain, it’s far more secure and potentially resilient to attacks like those suffered by Curve on Tuesday.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
暂时没有评论,赶紧抢沙发吧!