Curve Finance Warns Users After DNS Hijack Sends Funds to Scam Site

Curve Finance warned users to avoid its curve.fi website due to a DNS hijacking attack redirecting visitors to a malicious wallet drainer.

  • The security incident affected the website, but the underlying protocol and smart contracts remain secure, according to Curve’s official statements.
  • Past front-end attacks have targeted other DeFi platforms and have caused significant user losses, highlighting ongoing risks in decentralized finance.

On May 12, 2025, Curve Finance, a prominent decentralized exchange, urged users to steer clear of its curve.fi website in response to a DNS (Domain Name System) hijacking attack. The attack redirected visitors to a malicious site designed to drain their cryptocurrency wallets.

- Advertisement -

Within two hours of the initial alert, Curve Finance confirmed the incident on its official social channels. Co-founder Michael Egorov recommended users instead access the exchange via its alternative front-end, curve.finance. The company stated on X (formerly Twitter) that the attack had compromised the domain, not the underlying protocol: “While all smart contracts are safe, the domain name points to a malicious site which can drain your wallet!”

This event follows a recent hack of Curve’s social media account used to spread a phishing website, part of a wider pattern affecting crypto platforms. According to DeFiLlama, Curve Finance ranks as the fourth-largest decentralized exchange by total value locked, with about $2 billion currently secured across nine blockchains.

Front-end attacks, like DNS hijacking, target user interactions rather than exploiting core smart contracts or liquidity pools. Attackers redirect users to deceptive websites, prompting them to sign fraudulent transactions. This technique has previously affected multiple DeFi projects. For example, the 2021 Badger DAO incident cost users $120 million after approvals were harvested, and a similar attack in 2022 led to $570,000 in losses for Curve users when the domain was spoofed.

Curve Finance publicly criticized its DNS registrar, iwantmyname, for what it called an inadequate response time. The company noted ongoing limitations due to the .fi domain, though it indicated plans to phase out the affected domain in the future.

Since its 2020 launch, Curve Finance has faced multiple security challenges. In 2023, a separate hack led to $70 million in liquidity pool losses and triggered a significant drop in its CRV token price. Despite these incidents, the protocol itself has remained operational during the recent DNS attack, with all smart contracts reported secure.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Ondo Rises 1.5% as Tokenized Stocks Alliance Gains Strength

Ondo rose 1.5% to $0.77 over the past 24 hours, maintaining gains after a...

Donkey Kong Bananza Launches July 17 for Nintendo Switch 2

Several major video game releases are scheduled for July 2025, featuring both new titles...

Bitcoin Nears All-Time High Weekly Close as Bulls Regain Control

Bitcoin approaches $109,000, nearing its highest-ever weekly closing value. Market volatility increases as Hyperliquid’s James...

Kenya Crypto Bill Sparks Fears of Binance-Linked Regulatory Bias

Kenyan crypto firms are worried that proposed regulations could give a Binance-linked group too...

REX Shares Set to Launch First Solana Staking ETF After SEC OK

REX Shares prepares to launch the first U.S. exchange-traded fund (ETF) featuring Solana staking.The...

Must Read

17 Best Cryptocurrency Wallets

If you are looking for a list with the best cryptocurrency wallets, then you've landed on the right page. Cryptocurrency, as we all know,...