Curve Finance Site Hijacked in DNS Attack, Users Urged to Stay Away

Curve Finance, one of the largest decentralized finance (DeFi) protocols, suffered a DNS hijacking attack on Monday that compromised its main website, “curve.fi.” 

Widely used for stablecoin and pegged-asset trading, Curve plays a key role in DeFi as a core liquidity provider. Its smart contracts are deeply integrated across other protocols, helping to maintain efficient, low-slippage trading across the ecosystem.

Attack Redirected Users to a Fake Curve Finance Website

The incident involved the manipulation of Curve’s Domain Name System (DNS) records, redirecting users from the official domain to a malicious clone. 

The fake site mirrored Curve’s interface and contained scripts designed to trick users into approving token transfers to attacker-controlled wallets.

Curve’s team confirmed the incident was strictly limited to the DNS layer and did not affect its smart contracts or core infrastructure.

Curve Responds and Launches Investigation

In response, Curve’s team isolated the issue, launched a full investigation, and began working with its domain registrar and external security partners. 

The team noted that some safeguards were already in place prior to the breach and committed to enhancing protections going forward.

Users were advised to avoid “curve.fi” and instead use the alternate domain “curve.finance.” Wallet providers like Phantom have blocked the compromised domain and issued warnings to users.

What Are DNS Attacks and Why Are They So Dangerous?

DNS attacks are infrastructure-level exploits that do not hack the blockchain, but instead hack the way users get to it.

By exploiting DNS records, attackers can redirect users to fake websites that look identical to the real ones. On DeFi platforms like Curve, this can trick users into connecting wallets and approving transactions, unknowingly sending funds to hackers.

These attacks are hard to detect, since the web address may still appear correct, making them especially dangerous even when smart contracts remain secure.

Not Curve’s First Breach

Curve Finance has faced similar attacks before. In 2022, a DNS hijack led to $570,000 in losses. In 2023, a separate exploit tied to the Vyper programming language resulted in $24 million in damages across DeFi projects.

Just days before the latest DNS incident, Curve’s X account was also briefly hijacked to spread a malicious link.

On the Flipside

• Despite the breach, Curve still holds over $2.3 billion in TVL and remains a cornerstone protocol for stablecoin liquidity in DeFi.
• Browser-based vulnerabilities are not unique to Curve—many DeFi protocols rely on front-end infrastructure, making this a broader industry concern.

Why This Matters

Curve is deployed across 22 blockchain networks and ranks among the top 20 DeFi protocols. While its smart contracts remain secure, repeated infrastructure breaches highlight ongoing concerns about DeFi platforms’ operational security.

Discover DailyCoin’s top crypto news:

HBAR, XRP Erupt: SWIFT Drops Bombshell Crypto Wallet News
Bitcoin Record Price Run Today Ignites $2B Liquidation Chaos