Late last night, the curve [.] fi domain was compromised at the DNS level. This exploit redirected traffic to a malicious IP not associated with Curve Finance. No smart contracts or internal systems were breached—the protocol itself remains fully operational and secure.

User funds are safe. Curve smart contracts remain secure.

The incident has not affected the protocol’s infrastructure and is strictly limited to the DNS layer. As soon as the exploit was detected, we’ve immediately taken the following steps:

Isolated the issue to the DNS layer

Initiated a full investigation

Engaged with our domain registrar and security partners

Reinforced all operational security protocols

We are actively working with the domain registrar to resolve the issue and restore normal operations as soon as possible.

This incident is not related to any breach of internal systems. Curve maintains a robust and industry standard security framework including password protection and two-factor authentication (2FA), etc, implemented long before the incident, none of which were bypassed.

The DNS incident involving https://t.co/852iZ4rJEd reflects a broader issue across the industry. In recent weeks, there has been a noticeable increase in attacks targeting the infrastructure of various crypto projects. Such incidents affect the entire market and highlight the importance of a systematic approach to protection. Curve Finance is taking all necessary measures to ensure the safety of user funds and restore the stable operation of the service.

In the meantime, avoid interacting with the https://t.co/852iZ4rJEd domain until an official update is shared through Curve Finance’s verified communication channels.

We understand the seriousness of the situation and are committed to full transparency. Our top priority is user safety and maintaining trust in Curve as public infrastructure for DeFi.

Thank you for your continued support.