⚠️ DNS Hijack Redirects to Malicious Clone


On May 12, Curve Finance confirmed that its official domain was compromised, with attackers manipulating DNS records to reroute users to a fake version of the platform. This counterfeit site was designed to harvest wallet information and drain user funds under the guise of legitimate interactions.


While the team quickly responded and began remediation, they urged users to avoid interacting with the platform until the domain was fully secured. The protocol’s smart contracts, however, remained unaffected by the breach, suggesting that the compromise was isolated to the front-end layer.



🧠 Second Major Attack in Weeks


The DNS exploit comes on the heels of another recent security event where Curve’s official X (formerly Twitter) account was briefly hijacked. Though access was soon restored, the successive attacks have raised concerns across the crypto community about the platform’s digital security posture.


Security firm Blockaid, which flagged the issue, warned users to avoid signing any transactions through the Curve dApp until further notice. Their proactive alert may have prevented greater damage.



“This is a textbook DNS hijack—high risk with low technical complexity,” said a cybersecurity analyst. “It’s a reminder that even top-tier DeFi protocols can fall prey to classic attack vectors.”




🔍 Immediate Action & Recovery Measures


Curve Finance’s team is currently working in close coordination with their domain registrar and cybersecurity partners to investigate the breach, restore DNS integrity, and harden their systems against future exploits. The compromised DNS records have since been updated, and users are being directed to monitor Curve’s official channels for real-time updates.



💡 Broader Implications for DeFi


This incident serves as a critical wake-up call for DeFi projects and users alike. While smart contracts and on-chain infrastructure may be secure, off-chain components like DNS, social media, and web hosting remain vulnerable and are often targeted by attackers looking to exploit user trust.


Industry experts are calling for stronger multi-layered security practices, including:

  • Enhanced DNS protection protocols
  • Multi-factor authentication on admin accounts
  • Real-time phishing monitoring services
  • Decentralized front-end hosting alternatives